VACL - two methods...

From: Mike Kraus (mikraus) (mikraus@cisco.com)
Date: Mon Jun 11 2007 - 17:57:09 ART


Hi all!

Assume I am trying to prohibit DHCP within a given VLAN.

If I use this configuration, it all seems to work fine:

    access-list 101 permit udp any eq bootpc any eq bootps
    vlan access-map test1 10
     action drop
     match ip address 101
    vlan access-map test1 20
     action forward
    vlan filter test1 vlan-list 11

However, if I reverse the logic, I seem to lose all IP connectivity:

    access-list 102 deny udp any eq bootpc any eq bootps
    access-list 102 permit ip any any
    vlan access-map test2 10
     action forward
     match ip address 102
    vlan access-map test2 20
     action drop
    vlan filter test2 vlan-list 12

I do not see why the second configuration does not do the exact same
thing as the first. Can someone clarify?

Thanks,
  Mike
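The difference between the two access-maps can be traced with a small model of how a Catalyst evaluates a VACL. The following is an added Python example, not part of Mike's post or of any Cisco tool; it assumes the documented VLAN access-map semantics (sequences are tried in order and the first whose match clause matches decides the action; a sequence with no match clause matches every frame, non-IP frames included; a `deny` entry in an ACL referenced by `match ip address` means "no match", not "drop"; a frame matching no sequence is dropped) and feeds both maps constructed DHCP, ICMP and ARP frames.

```python
"""Toy model of Cisco VLAN access-map (VACL) evaluation.

Added example, not code from the original post. Assumed semantics:
  * sequences are evaluated in order; the first sequence whose match
    clause matches decides the action (forward/drop);
  * a sequence with no match clause matches every frame;
  * 'match ip address <acl>' matches only IP frames that hit a *permit*
    entry of the ACL; a 'deny' entry means "no match", not "drop";
  * a frame that matches no sequence is dropped implicitly.
The sample frames below are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Optional

BOOTPS, BOOTPC = 67, 68


@dataclass(frozen=True)
class Frame:
    ethertype: str                 # "ip" or "arp"
    proto: Optional[str] = None    # "udp", "icmp", ... for IP frames
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class AclEntry:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" (any IP protocol), "udp", "icmp"
    sport: Optional[int] = None    # None == any
    dport: Optional[int] = None

    def hits(self, f: Frame) -> bool:
        # An IP ACL never matches a non-IP frame such as ARP.
        if f.ethertype != "ip":
            return False
        if self.proto != "ip" and self.proto != f.proto:
            return False
        if self.sport is not None and self.sport != f.sport:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        return True


def acl_permits(acl: list[AclEntry], f: Frame) -> bool:
    """First-match ACL lookup with the implicit deny at the end."""
    for entry in acl:
        if entry.hits(f):
            return entry.action == "permit"
    return False


@dataclass(frozen=True)
class Sequence:
    action: str                                # "forward" or "drop"
    match_ip: Optional[list[AclEntry]] = None  # None == no match clause


def vacl_verdict(access_map: list[Sequence], f: Frame) -> str:
    """Return the action of the first sequence the frame matches."""
    for seq in access_map:
        if seq.match_ip is None or acl_permits(seq.match_ip, f):
            return seq.action
    return "drop"  # nothing matched: implicit drop


# The two configurations from the post, transcribed into the model.
ACL_101 = [AclEntry("permit", "udp", sport=BOOTPC, dport=BOOTPS)]
TEST1 = [Sequence("drop", ACL_101), Sequence("forward")]

ACL_102 = [AclEntry("deny", "udp", sport=BOOTPC, dport=BOOTPS),
           AclEntry("permit", "ip")]
TEST2 = [Sequence("forward", ACL_102), Sequence("drop")]

# Constructed sample traffic.
DHCP_DISCOVER = Frame("ip", "udp", sport=BOOTPC, dport=BOOTPS)
ICMP_ECHO = Frame("ip", "icmp")
ARP_REQUEST = Frame("arp")


def compare() -> dict[str, tuple[str, str]]:
    """Map each sample frame to its (test1, test2) verdict."""
    samples = [("dhcp", DHCP_DISCOVER), ("icmp", ICMP_ECHO), ("arp", ARP_REQUEST)]
    return {name: (vacl_verdict(TEST1, f), vacl_verdict(TEST2, f))
            for name, f in samples}


if __name__ == "__main__":
    for name, (v1, v2) in compare().items():
        print(f"{name:5} test1={v1:8} test2={v2}")
```

Under these semantics both maps drop the DHCP client request and forward ICMP, but they diverge on ARP: in test1 the ARP frame fails the IP match in sequence 10 and falls to the unconditional `forward` in sequence 20, while in test2 it fails the IP match in sequence 10 and falls to the unconditional `drop`. A VLAN whose hosts cannot resolve each other with ARP loses its IP connectivity even though every IP packet would be permitted.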



This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:48 ART