From: Raymond (maksir919@yahoo.com)
Date: Thu Nov 18 2004 - 21:39:56 GMT-3
Hello,
So do you mean I cannot use IP traffic (such as ping) to trigger the ACL?
May I know any suggestion to trigger the MAC ACL
Thanks
Regards,
Raymond
--- ccie2be <ccie2be@nyc.rr.com> $:.e!G
> Bob,
>
> I don't know for sure, but I remember learning that mac acl's (at least on
> the 3550) only filter non-ip packets, but assuming that's true, there's
> something that never made much sense to me about that.
>
> If acl is filtering on mac addresses, how would it even know what layer 3
> protocol is carried inside the packet. It seems to me that once the mac
> address was matched, processing would end right there and nothing else
> inside the layer 3 headers would matter.
>
> What are your thoughts about that?
>
> TIA, Tim
> ----- Original Message -----
> From: "Bob Sinclair" <bsinclair@netmasterclass.net>
> To: "Raymond" <maksir919@yahoo.com>; <ccielab@groupstudy.com>
> Sent: Thursday, November 18, 2004 4:26 PM
> Subject: Re: Problem on QoS marking based on MAC ACL on 3750
>
>
> > Raymond,
> >
> > Double-check me on this, but I think the mac access-list only matches on
> > non-ip traffic.
> >
> > Bob Sinclair
> > CCIE #10427, CCSI 30427, CISSP
> > www.netmasterclass.net
> >
> > ----- Original Message -----
> > From: "Raymond" <maksir919@yahoo.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Thursday, November 18, 2004 10:08 AM
> > Subject: Problem on QoS marking based on MAC ACL on 3750
> >
> >
> > > Dear All,
> > >
> > > I use the following configuration. I cannot mark the packet based on the
> > > mac
> > > acl, but I can succeed to mark the packet based on IP and TCP ports.
> > > I use smartbit to generate the traffic and sniffer to capture the
> packet.
> > > What is the problem on the configuration of mac acl? or did I miss
> > > anything?
> > >
> > > Thanks you for your help
> > >
> > > Regards,
> > > mak
> > >
> > > mac access-list extended mac1
> > > permit host 0000.0000.0010 any
> > > mac access-list extended mac2
> > > permit any host 0000.0000.0011
> > >
> > > mls qos
> > >
> > > class-map match-all ip1
> > > match access-group 101
> > > class-map match-all ip2
> > > match access-group 102
> > > class-map match-all mac2
> > > match access-group name mac2
> > > class-map match-all mac1
> > > match access-group name mac1
> > > class-map match-all tcp2
> > > match access-group 104
> > > class-map match-all tcp1
> > > match access-group 103
> > >
> > > policy-map QoSMark
> > > class mac1
> > > set ip precedence 1
> > > class mac2
> > > set ip precedence 1
> > > class ip1
> > > set ip precedence 2
> > > class ip2
> > > set ip precedence 2
> > > class tcp1
> > > set ip precedence 5
> > > class tcp2
> > > set ip precedence 5
> > >
> > > interface GigabitEthernet0/2
> > > service-policy input QoSMark
> > >
> > > _________________________________________________________
> > > %21~'^!B6<:q!B$p,P,P...
> > > .v:)9aAn 1!$_3sC4
> > > http://us.rd.yahoo.com/evt=22281/*http://ringtone.yahoo.com.hk/
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:47 GMT-3