From: Hossam (sam6626@yahoo.com)
Date: Tue Apr 13 2004 - 16:27:12 GMT-3
Group,
Based on the following section in the configuration guide (Network security with Access list for 3550) IOS ver. 12.1(19)EA1c:
"If the VLAN map has at least one match clause for the type of packet (IP or MAC) and the packet does not match any of these match clauses, the default is to drop the packet. If there is no match clause for that type of packet in the VLAN map, the default is to forward the packet."
found at:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf53.html#1177303
My understanding was that the 3550 has two different types of traffic, IP traffic and non-IP traffic. Moreover, MAC VLAN maps only affect non-IP traffic, and IP VLAN maps only affect IP traffic.
But when I try to restrict a station (MAC address 1) from accessing the network using a MAC VLAN map on my 3550 (the same version as mentioned above), I notice that the IP traffic from this end station (MAC address 1) is restricted as well!!
Is that OK? Is the problem with my understanding, the documentation, or my configuration as shown below?
Configurations:
mac access-list extended MacList2
 permit host 0005.5d8d.c1d4 any
mac access-list extended MacList3
 permit any any
!
!
vlan access-map VMap 10
 action drop
 match mac address MacList2
vlan access-map VMap 20
 action forward
 match mac address MacList3
vlan filter VMap vlan-list 1
!
Thanks,
SAM
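
The rule quoted from the configuration guide, applied to the VMap configuration in this message, as an added example that is not part of the original post and is not Cisco code. It assumes, as the post does, that `match mac address` clauses classify only non-IP frames, so it models the documented rule rather than what the switch was observed to do; the second MAC address is a constructed sample.

```python
from dataclasses import dataclass


@dataclass
class Frame:
    src_mac: str
    is_ip: bool  # True for IP packets, False for non-IP (MAC-type) frames


# MAC ACLs from the post as (source, destination) permit entries; "any" is a wildcard.
MAC_ACLS = {
    "MacList2": [("0005.5d8d.c1d4", "any")],
    "MacList3": [("any", "any")],
}

# VLAN map VMap from the post: (sequence, action, match type, ACL name).
VMAP = [
    (10, "drop", "mac", "MacList2"),
    (20, "forward", "mac", "MacList3"),
]


def acl_permits(acl_name, frame):
    """True if a permit entry matches the frame's source MAC.
    Destinations are all 'any' in the post, so they are not compared."""
    return any(src in ("any", frame.src_mac) for src, _dst in MAC_ACLS[acl_name])


def vlan_map_decision(vmap, frame):
    """Apply the quoted rule: entries are tried in sequence order."""
    ptype = "ip" if frame.is_ip else "mac"
    clauses = [entry for entry in sorted(vmap) if entry[2] == ptype]
    if not clauses:
        return "forward"  # no match clause for this packet type: default forward
    for _seq, action, _type, acl in clauses:
        if acl_permits(acl, frame):
            return action  # first matching entry decides
    return "drop"  # clauses exist for this type but none matched: default drop


if __name__ == "__main__":
    samples = [
        Frame("0005.5d8d.c1d4", False),  # restricted station, non-IP frame
        Frame("0005.5d8d.c1d4", True),   # restricted station, IP packet
        Frame("0000.0c12.3456", False),  # constructed sample MAC, non-IP frame
    ]
    for f in samples:
        print(f.src_mac, "IP" if f.is_ip else "non-IP", "->", vlan_map_decision(VMAP, f))
```

Under these assumptions the documented rule forwards IP packets from 0005.5d8d.c1d4, because VMap contains no IP match clause; the behaviour reported in the message differs from that result.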
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:47 GMT-3