RE: 3550 vlan maps

From: Christopher M. Heffner (cheffner@certified-labs.com)
Date: Wed Oct 20 2004 - 16:15:08 GMT-3

• Next message: ccie2be: "Re: 3550 vlan maps"
• Previous message: Kian Wah, Lai: "RE: Timed access lists"
• Maybe in reply to: ccie2be: "3550 vlan maps"
• Next in thread: ccie2be: "Re: 3550 vlan maps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim,

In a proper production network you would want to filter on SW2.

The main reason for doing it this way is there is no since sending the
rip updates from SW2 across the trunk to SW1 and wasting the bandwidth
of the trunk connection.

You might want to also consider that in other scenarios you might want
to filter instead on SW1 if you did have other routers on either SW1 or
SW2 that did want the routing updates or if SW2 had any routed ports
connected to other routers.

In your exact scenario, the answer would be SW2.

Remember you could also just filter on BB@ before advertising to SW2 or
use a passive interface for rip on BB2 would be another solution.

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
www.certified-labs.com

"Complete CCIE R&S and Security Remote Labs with PIX, VPN, IDS,
CiscoWorks VMS, Cisco CSASC Server and Microsoft CA Server"

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, October 20, 2004 10:07 AM
To: Group Study
Subject: 3550 vlan maps

Hi guys,

I think this is an interesting question.

Here's the topology:

                                      / R2
BB2 ---- sw2 --trunk--sw1
                                     \ R3

BB2, R2, and R3 are all in the same vlan and all running RIP.

SW1 and SW2 are trunked together; BB2 is connected to SW2 while both R2
and R3 are connected to SW1.

I want to prevent RIP updates from BB2 to R2 and R3.

I created the following vlan map.

vlan access-map BLOCK-RIP 10
 action drop
 match ip address NO-RIP-BB2
vlan access-map BLOCK-RIP 20
 action forward
vlan filter BLOCK-RIP vlan-list 232

ip access-list extended NO-RIP-BB2
 permit udp host 192.10.3.254 eq rip any

Note that 192.10.3.254 is the address of BB2.

Here's the question:

On which 3550 should this vlan map be configured on? Does it matter?
If so, why?

To me, it seems that it would be OK to have this vlan on either sw1 or
sw2, but I wanted to hear from anyone who disagrees or someone who can
confirm my thinking.

Thanks, Tim

• Next message: ccie2be: "Re: 3550 vlan maps"
• Previous message: Kian Wah, Lai: "RE: Timed access lists"
• Maybe in reply to: ccie2be: "3550 vlan maps"
• Next in thread: ccie2be: "Re: 3550 vlan maps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:50 GMT-3