MAC ACL Vs Vlan access-map

From: JB (jellyboy@gmail.com)
Date: Sun Dec 10 2006 - 20:49:19 ART

• Next message: Danny Cox: "Re: Re: Automating TCL script in routers"
• Previous message: CharlesB: "RE: Re[2]: BGP local-as"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear all, Q refers to IEWB Lab6 9.1, but it is a general question
anyways. The task asks to filter DEC spanning tree bpdus and offers a
clan access-map as the solution:

vlan access-map DECNET 10
 action drop
 match mac address DECNET
vlan access-map DECNET 20
 action forward
 match mac address ANY>>MAC
vlan filter DECNET vlan-list 363

mac access-list extended ANY>>MAC
 permit any any
mac access-list extended DECNET
 permit any any dec-spanning

I fully understand the technology here, but I am wondering if an
extended mac ACL here would also work and have *exactly* the same
functionality?

 All VL363 ports are access ports in this example:

mac access-list extended DECNET
 deny any any dec-spanning
 permit any any

interface FastEthernet0/24
 switchport access vlan 363
 switchport mode access
 mac access-group DECNET in
!

TIA,

BTW, Thanks Brians for hosting that online session- it was extremely
informative!!

JB

• Next message: Danny Cox: "Re: Re: Automating TCL script in routers"
• Previous message: CharlesB: "RE: Re[2]: BGP local-as"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART