From: navaid@rogers.com
Date: Tue Sep 09 2003 - 18:00:31 GMT-3
When I apply mac acl to ports in vlan 1, I receive a message indicating conflict with vlan filters. My vlan filters are on vlan 999 and these ports are in vlan 1.
switch1(config)#int range fa0/3 , fa0/11
switch1(config-if-range)#mac access-group no6k in
switch1(config-if-range)#
000096: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
000097: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
switch1(config-if-range)#
following is config for vlan filter and mac-acl
mac access-list extended no6k
deny any any etype-6000
permit any any
!
vlan access-map nbtonly 10
action forward
match ip address 100
vlan access-map nbtonly 20
action drop
vlan filter nbtonly vlan-list 999
access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-dgm
access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ns
access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ss
access-list 100 permit tcp 199.199.199.0 0.0.0.255 any eq 139
access-list 100 permit tcp any 199.199.199.0 0.0.0.255 eq 139
access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-dgm
access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ns
access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ss
1
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3