From: Koen Peetermans (K.Peetermans@chello.be)
Date: Tue Aug 10 2004 - 13:41:07 GMT-3
Never found it on the doc CD.
You should be able to remember the 0x806 for arp since you know the 0x800
for IP ;-)
I found a way to find them on the lab should I forget them, but it is really
going a long way around :
Put ISIS routing and a bridge group on a frame-relay interface, if needed
with a map statement, and then do "debug frame-relay", which will show you
the last two values in the debugging.
I'm sure somebody knows an easier way of doing it ;-)
Kind regards,
Koen.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: dinsdag 10 augustus 2004 17:38
To: Group Study
Subject: vlan-map filters
Hi guys,
From IE lab 11, task 1.16 and 1.17
Problem:
Allow only ip traffic on vlan 56, however, if other behind the scenes
traffic
is NOT allowed, there'll be big trouble in Cisco lab city.
Solution:
ip access-list extended IPONLY
permit ip any any
!
mac access-list extended IP_ARP
permit any any 0x806 0x0 < --- Can this found on Doc CD?
mac access-list extended IS-IS
permit any any lsap 0xFEFE 0x0 < ---- Can this found on Doc CD?
mac access-list extended IEEE-STP
permit any any lsap 0x4242 0x0 < ---- Can this found on Doc CD?
!
vlan access-map IPONLY 10
action forward
match ip address IPONLY
vlan access-map IPONLY 20
action forward
match mac address IP_ARP
vlan access-map IPONLY 30
action forward
match mac address IS-IS
vlan access-map IPONLY 40
action forward
match mac address IEEE-STP
vlan access-map IPONLY 50
action drop
vlan filter IPONLY vlan-list 56
vlan filter IPONLY vlan-list 56
Question: Does anybody know where on the Doc-CD the codes used match these
traffic types can be found? I've looked but came up empty.
Also, cdp traffic will be dropped by the above vlan filter. Is that a good
idea?
Thanks, Tim
This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:36 GMT-3