From: Narbik Kocharians (narbikk@gmail.com)
Date: Mon Jun 11 2007 - 18:30:11 ART
vlan access-map test2 20
action drop
This is the cause.
On 6/11/07, Mike Kraus (mikraus) <mikraus@cisco.com> wrote:
>
> Hi all!
>
> Assume I am trying to prohibit DHCP within a given VLAN.
>
> If I use this configuration, it all seems to work fine:
>
> access-list 101 permit udp any eq bootpc any eq bootps
> vlan access-map test1 10
> action drop
> match ip address 101
> vlan access-map test1 20
> action forward
> vlan filter test1 vlan-list 11
>
> However, if I reverse the logic, I seem to lose all IP connectivity:
>
> access-list 102 deny udp any eq bootpc any eq bootps
> access-list 102 permit ip any any
> vlan access-map test2 10
> action forward
> match ip address 102
> vlan access-map test2 20
> action drop
> vlan filter test2 vlan-list 12
>
> I do not see why the second configuration does not do the exact same
> thing as the first. Can someone clarify?
>
> Thanks,
> Mike
>
--
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832
Network Learning, Inc. (CCIE class Instructor)
www.ccbootcamp.com (CCIE Training)
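
An added example, not part of either message: a small Python model of how the two access-maps above treat a DHCP request, an ARP frame and an ICMP packet, showing that sequence 20 of test2, having no match clause, also drops non-IP frames such as ARP. Assumptions: Catalyst 3550/3560-style VLAN map semantics (an entry without a match clause matches every frame, an ACL deny means the entry is not matched, and the implicit drop at the end applies only to packet types the map has a match clause for); `TEST2_NO_SEQ20` is a hypothetical variant, and the frames are constructed samples.

```python
from dataclasses import dataclass

BOOTPS, BOOTPC = 67, 68

@dataclass(frozen=True)
class Frame:                      # constructed sample traffic, not a capture
    ethertype: str                # "ip" or "arp"
    proto: str = ""
    sport: int = 0
    dport: int = 0

def acl_101(f):                   # permit udp any eq bootpc any eq bootps
    return f.proto == "udp" and f.sport == BOOTPC and f.dport == BOOTPS

def acl_102(f):                   # deny the DHCP request, then permit ip any any
    return not acl_101(f)

# Each entry: (sequence, action, IP ACL, or None when there is no match clause)
TEST1 = [(10, "drop", acl_101), (20, "forward", None)]
TEST2 = [(10, "forward", acl_102), (20, "drop", None)]
TEST2_NO_SEQ20 = [(10, "forward", acl_102)]   # hypothetical: sequence 20 removed

def evaluate(vmap, f):
    """Return 'forward' or 'drop' for one frame under the assumed semantics."""
    for _seq, action, acl in sorted(vmap, key=lambda e: e[0]):
        if acl is None:
            return action         # no match clause: matches IP and non-IP alike
        if f.ethertype == "ip" and acl(f):
            return action         # IP ACL permit: this entry's action applies
        # ACL deny, or a non-IP frame: fall through to the next sequence
    # End of map: implicit drop only for types the map has a match clause for
    has_ip_clause = any(acl is not None for _, _, acl in vmap)
    return "drop" if f.ethertype == "ip" and has_ip_clause else "forward"

SAMPLES = {
    "dhcp_request": Frame("ip", "udp", BOOTPC, BOOTPS),
    "arp": Frame("arp"),
    "icmp": Frame("ip", "icmp"),
}

def verdicts(vmap):
    return {name: evaluate(vmap, f) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for label, vmap in (("test1", TEST1), ("test2", TEST2),
                        ("test2 without seq 20", TEST2_NO_SEQ20)):
        print(label, verdicts(vmap))
```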