Re: packet matching ..........

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Fri Nov 17 2006 - 12:53:28 ART

• Next message: Brian McGahan: "RE: Redistribution"
• Previous message: Brian McGahan: "RE: multicast feed command rtr"
• Maybe in reply to: Ivan: "packet matching .........."
• Next in thread: Ivan: "Re: packet matching .........."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

should this work?

SW1(config-cmap)#do sh run | in class|100|1100
class-map match-all test
  match access-group 100
  match access-group 1100
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
access-list 1100 permit aaaa.aaaa.aaaa 0000.0000.0000 bbbb.bbbb.bbbb
0000.0000.0000

SW1(config)#mac acc
SW1(config)#mac access-list ?
  extended Extended Access List

SW1(config)#access-list ?
  <1-99> IP standard access list
  <100-199> IP extended access list
_* <1100-1199> Extended 48-bit MAC address access list*_
  <1300-1999> IP standard access list (expanded range)
  <200-299> Protocol type-code access list
  <2000-2699> IP extended access list (expanded range)
  <700-799> 48-bit MAC address access list
  dynamic-extended Extend the dynamic ACL absolute timer
  rate-limit Simple rate-limit specific access list

Ivan wrote:
> Hello !
>
> Quick question and short answer.
> In production network there is necessity to permit (in|out) packet ONLY if
> they match IP and MAC address. Can this be achieved with Catalyst3550 /
> Catalyst3750 ?
>
> To my knowledge mac-ACL match only non-IP traffic. If so, the previous
> requirement is not possible.

• Next message: Brian McGahan: "RE: Redistribution"
• Previous message: Brian McGahan: "RE: multicast feed command rtr"
• Maybe in reply to: Ivan: "packet matching .........."
• Next in thread: Ivan: "Re: packet matching .........."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART