From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Thu Apr 05 2007 - 00:41:01 ART
Or!!!
better yet!!
Welcome to Network Learning Inc RS/Security/SP Rack#4
For more information, please visit:
http://www.ccbootcamp.com/racks/rs-sec-sp-rack-access-faq.pdf
PLEASE ERASE YOUR CONFIGS AFTER YOU ARE FINISHED!
Username: victor
Password:
rack4>show user
Line User Host(s) Idle Location
33 tty 33 incoming 00:02:18 sw3
66 vty 0 victor R1 00:02:17 70.110.82.179
* 67 vty 1 victor idle 00:00:00 70.110.82.179
Interface User Mode Idle Peer Address
Lab2R1(config)#int f0/0.12
Lab2R1(config-subif)#exit
Lab2R1(config)#bridge irb
Lab2R1(config)#!
Lab2R1(config)#interface fast 0/0.12
Lab2R1(config-subif)#no ip address
Lab2R1(config-subif)#no ip route-cache
Lab2R1(config-subif)#no ip mroute-cache
Lab2R1(config-subif)#bridge-group 1
Lab2R1(config-subif)#no shut
Lab2R1(config-subif)#interface fast 0/0.13
Lab2R1(config-subif)#no ip address
Lab2R1(config-subif)#no ip route-cache
Lab2R1(config-subif)#no ip mroute-cache
Lab2R1(config-subif)#bridge-group 1
Lab2R1(config-subif)#
Lab2R1(config-subif)#!
Lab2R1(config-subif)#interface BVI1
Lab2R1(config-if)#ip address 192.168.1.1 255.255.255.0
Lab2R1(config-if)#!
Lab2R1(config-if)#bridge 1 protocol ieee
Lab2R1(config)#bridge 1 route ip
Lab2R1(config)#bridge 1 address 1234.1234.1234 discard
Lab2R1(config)#!
Lab2R1(config)#
Lab2R1(config)#
*Apr 5 03:55:53.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1,
changed state to up
Lab2R1(config)#^Z
Lab2R1#
Lab2R1#
*Apr 5 03:55:55.063: %SYS-5-CONFIG_I: Configured from console by console
Lab2R1#
rack9>2
[Resuming connection 2 to R2 ... ]
..
Lab2R2>
Lab2R2>
Lab2R2>en
Lab2R2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Lab2R2(config)#int f0/0
Lab2R2(config-if)#ip add 192.168.1.2 255.255.255.0
Lab2R2(config-if)#no sh
Lab2R2(config-if)#
rack9>R3
Trying r3 (1.1.1.1, 2035)...
% Connection refused by remote host
rack9>3
[Resuming connection 3 to R3 ... ]
.
Success rate is 0 percent (0/5)
Lab2R3(config-if)#
Lab2R3>
Lab2R3>en
Lab2R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Lab2R3(config)#int f0/0
Lab2R3(config-if)#ip add 192.168.1.3 255.255.255.0
Lab2R3(config-if)#no sh
Lab2R3(config-if)#exit
Lab2R3(config)#
rack9>1
[Resuming connection 1 to R1 ... ]
Lab2R1#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
Lab2R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Lab2R1#clear arp
Lab2R1#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Lab2R1#ping 192.168.1.
Lab2R1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Lab2R1#show run | in discard
bridge 1 address 1234.1234.1234 discard
Lab2R1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Lab2R1(config)#no bridge 1 address 1234.1234.1234 discard
Lab2R1(config)#do ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Lab2R1(config)#
*Apr 5 03:59:03.315: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Apr 5 03:59:03.315: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Apr 5 03:59:03.319: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
*Apr 5 03:59:03.319: ICMP: echo reply rcvd, src 192.168.1.2, dst 192.168.1.1
Lab2R1(config)#
thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012
-----Original Message-----
From: nobody@groupstudy.com on behalf of Victor Cappuccio
Sent: Wed 4/4/2007 20:28
To: Joshua; ccielab@groupstudy.com
Subject: RE: How to block a particular MAC on Router level?
Hi Joshua
is this what you are looking for?
Router> enable
Router# configure terminal
Router(config)# access-list 700 permit 0003.fd1b.8700
Router(config)# access-list 700 permit 0003.fd1b.8701
Router(config)# access-list 700 permit 0003.fd1b.8702
Router(config)# access-list 700 deny any
Apply MAC ACL to Gigabit Ethernet VLAN subinterface
Router(config)# interface gigabitethernet 6/0.1
Router(config -subif)# mac access-group 700 in
Router(config-subif)# end
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide
09186a00805e8f8c.html
HTH
thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012
-----Original Message-----
From: nobody@groupstudy.com on behalf of Joshua
Sent: Wed 4/4/2007 17:22
To: ccielab@groupstudy.com
Subject: How to block a particular MAC on Router level?
I am trying to block a particular MAC address to access Internet. This is
a router-on-a-stick topology. 5 subinterfaces configured on the router
gig0/0. I have no access to the attached switch. I wonder is there some way
i can block this MAC address on the router?
Thanks in advance!
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:34 ART