Re: vlan access-map... match-all or match-any

From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Wed Feb 22 2006 - 20:49:54 GMT-3


So the question is, I think, whether the VLAN map acts like an ACL, in that if
a match is found the packet escapes further processing within the ACL, or
more like a class-map configured with match-all, whereby all match entries
have to be met in order to match into the class.

Referring to the configuration guide, the VLAN MAP Configuration Guidelines
at
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/swacl.htm#wp1075348
quote the following:

Each VLAN map consists of a series of entries. The order of entries in an
VLAN map is important. A packet that comes into the switch is tested against
the first entry in the VLAN map. If it matches, the action specified for
that part of the VLAN map is taken. If there is no match, the packet is
tested against the next entry in the map.

Chris

On 2/22/06, Matt White <mwhite23@gmail.com> wrote:
>
> Trying to remember the operation of this command; can recall how it
> differs from policy-maps as it doesn't allow the option,
>
> Example:
>
> mac access-list extended MAC
>  permit any any cos 0
>
> ip access-list extended IP
>  permit ip 172.19.233.0 0.0.0.255 any
>
> vlan access-map BLOCK 10
>  action forward
>  match mac address MAC
>  match ip address IP
> vlan access-map BLOCK 20
>  action drop
>
> Can someone explain if the "match mac" and "match ip" both need to be
> satisfied? I am away from a "testable" 3550 currently so I cannot
> replicate.
>
> Thanks!



This archive was generated by hypermail 2.1.4 : Wed Mar 01 2006 - 11:28:18 GMT-3