Fw: mac acl - conflict with - vlan filter

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Sep 10 2003 - 07:57:16 GMT-3

• Next message: Jung, Jin: "RE: OSPF Point-to-Multipoint, Nonbroadcast"
• Previous message: Jason Wong: "Re: test message to R&S lab list 4:56 pm EDT (GMT -5)"
• Maybe in reply to: navaid@rogers.com: "mac acl - conflict with - vlan filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: <navaid@rogers.com>
Sent: Tuesday, September 09, 2003 10:04 PM
Subject: Re: mac acl - conflict with - vlan filter

> Hi navaid,
>
> According to the 3550 config guide on page 26-19, this behavior is
expected,
> "Port ACLs are not supported on the same switch with router ACLs and VLAN
> maps."
>
> Also see page 26-44, Configuration Conflicts
>
> HTH, dt
>
> ----- Original Message -----
> From: <navaid@rogers.com>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, September 09, 2003 5:00 PM
> Subject: mac acl - conflict with - vlan filter
>
>
> > When I apply mac acl to ports in vlan 1, I receive a message indicating
> conflict with vlan filters. My vlan filters are on vlan 999 and these
ports
> are in vlan 1.
> >
> > switch1(config)#int range fa0/3 , fa0/11
> > switch1(config-if-range)#mac access-group no6k in
> > switch1(config-if-range)#
> > 000096: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> > 000097: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> > switch1(config-if-range)#
> >
> > following is config for vlan filter and mac-acl
> >
> > mac access-list extended no6k
> > deny any any etype-6000
> > permit any any
> > !
> >
> > vlan access-map nbtonly 10
> > action forward
> > match ip address 100
> > vlan access-map nbtonly 20
> > action drop
> > vlan filter nbtonly vlan-list 999
> >
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-dgm
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ns
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ss
> > access-list 100 permit tcp 199.199.199.0 0.0.0.255 any eq 139
> > access-list 100 permit tcp any 199.199.199.0 0.0.0.255 eq 139
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-dgm
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ns
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ss
> >
> >
> > 1
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Jung, Jin: "RE: OSPF Point-to-Multipoint, Nonbroadcast"
• Previous message: Jason Wong: "Re: test message to R&S lab list 4:56 pm EDT (GMT -5)"
• Maybe in reply to: navaid@rogers.com: "mac acl - conflict with - vlan filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:25 GMT-3