From: Hossam (sam6626@yahoo.com)
Date: Fri Apr 16 2004 - 14:48:09 GMT-3
Guys, i sent this three days earlier but i got no response. I am still stuck with it.
With only one new observation. The new thing is that i noticed that the switch acts as expected (Filtering non-ip traffic only and allowing ip traffic) for arround 1 minute then it start the strange behavious of stopping both ip and non-ip traffic.
Any help would be so appriciated.
SAM
First mail:
Group,
Based on the following section in the configuration guide (Netwok
security with Access list for 3550) IOS ver. 12.1(19)EA1c :
"If the VLAN map has at least one match clause for the type of packet
(IP or MAC) and the packet does not match any of these match clauses,
the default is to drop the packet. If there is no match clause for that
type of packet in the VLAN map, the default is to forward the packet."
found at:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00801cdf53.html#1177303
My understanding was that 3550 has to different types of traffics, IP
traffic and non ip one. Moreover, Mac Vlans maps only affects non ip
traffic, and IP vlans maps only affects IP traffic.
But when i try to restrict a station with (MAC address 1) from
accessing the network using mac vlan on my 3550 (the same version as mentioned
above), i notice that the IP traffic from this end station (MAC address
1) is restricted as well!!
Is that ok? is the problem with my understanding or the documentation,
or my configurations as shown below.
Configurations:
mac access-list extended MacList2
permit host 0005.5d8d.c1d4 any
mac access-list extended MacList3
permit any any
!
!
vlan access-map VMap 10
action drop
match mac address MacList2
vlan access-map VMap 20
action forward
match mac address MacList3
vlan filter VMap vlan-list 1
!
Thanks,
SAM
---------------------------------
Do you Yahoo!?
Yahoo! Tax Center - File online by April 15th
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:48 GMT-3