RE: mac acl - conflict with - vlan filter

From: R&S Groupstudy (rsg@synergy-networking.co.uk)
Date: Wed Sep 10 2003 - 04:58:05 GMT-3

• Next message: Jonathan V Hays: "test message to R&S lab list 4:56 pm EDT (GMT -5)"
• Previous message: phonkrit.k@datacraft-asia.com: "Re: Approved"
• Maybe in reply to: navaid@rogers.com: "mac acl - conflict with - vlan filter"
• Next in thread: ccie2be: "Fw: mac acl - conflict with - vlan filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hi,

can you post your full configs - at least the interface part.

one thing you could try is nailing down the switchports to be access-ports
and not be in auto-negotiate trunking mode.
i.e.
interface range fast 0/3 - 11
'switchport mode access'
switchport access vlan 1 ! i know this is already there!

if this dosn't work - maybe it's a vlan 1 think - you know spanningtree and
all that,
try putting your ports in another vlan - eg 2,
interface range fast 0/3 - 11
switchport mode access
switchport access vlan 2

good luck

Adam

> ----------
> From: navaid@rogers.com[SMTP:navaid@rogers.com]
> Reply To: navaid@rogers.com
> Sent: Tuesday, September 09, 2003 10:00 PM
> To: ccielab@groupstudy.com
> Subject: mac acl - conflict with - vlan filter
>
> When I apply mac acl to ports in vlan 1, I receive a message indicating
> conflict with vlan filters. My vlan filters are on vlan 999 and these
> ports are in vlan 1.
>
> switch1(config)#int range fa0/3 , fa0/11
> switch1(config-if-range)#mac access-group no6k in
> switch1(config-if-range)#
> 000096: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> 000097: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> switch1(config-if-range)#
>
> following is config for vlan filter and mac-acl
>
> mac access-list extended no6k
> deny any any etype-6000
> permit any any
> !
>
> vlan access-map nbtonly 10
> action forward
> match ip address 100
> vlan access-map nbtonly 20
> action drop
> vlan filter nbtonly vlan-list 999
>
> access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-dgm
> access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ns
> access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ss
> access-list 100 permit tcp 199.199.199.0 0.0.0.255 any eq 139
> access-list 100 permit tcp any 199.199.199.0 0.0.0.255 eq 139
> access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-dgm
> access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ns
> access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ss
>
>
> 1
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Jonathan V Hays: "test message to R&S lab list 4:56 pm EDT (GMT -5)"
• Previous message: phonkrit.k@datacraft-asia.com: "Re: Approved"
• Maybe in reply to: navaid@rogers.com: "mac acl - conflict with - vlan filter"
• Next in thread: ccie2be: "Fw: mac acl - conflict with - vlan filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3