mac-address access-list extended - FILTER IP

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Mon Dec 12 2005 - 11:19:27 GMT-3

• Next message: Chris Lewis: "Re: rate-limit average bps"
• Previous message: Curt Girardin: "RE: Metric transparent ??"
• Next in thread: Gustavo Novais: "RE: mac-address access-list extended - FILTER IP"
• Maybe reply: Gustavo Novais: "RE: mac-address access-list extended - FILTER IP"
• Maybe reply: Brian Dennis: "RE: mac-address access-list extended - FILTER IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

One doubt concerning mac-address ACL on 3550.

According to
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550s
cg/swacl.htm#wp1177176

You can filter non-IP traffic on a VLAN and on a physical Layer 2
interface by using MAC addresses and named MAC extended ACLs. The
procedure is similar to that of configuring other extended named ACLs.

What if you define on the mac-access-list that you wish to deny
ethertype 0x800 (IP).?

My doubt rises from the previous email I've sent concerning a vlan map
on which you had to allow "useful protocols", and the solution guide
used an IP access-list on one vlan access-map statement to allow IP and
a mac access-list to allow the remaining layer 2 protocols.

I'll lab it up, but I'm interested on any contributions

TIA

Gustavo Novais

• Next message: Chris Lewis: "Re: rate-limit average bps"
• Previous message: Curt Girardin: "RE: Metric transparent ??"
• Next in thread: Gustavo Novais: "RE: mac-address access-list extended - FILTER IP"
• Maybe reply: Gustavo Novais: "RE: mac-address access-list extended - FILTER IP"
• Maybe reply: Brian Dennis: "RE: mac-address access-list extended - FILTER IP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3