From: Djerk Geurts (djerk@djerk.nl)
Date: Wed Jul 25 2007 - 06:00:23 ART
Ben, 
> A couple of points I would like to share on VLAN maps:
>
> 1. In the first post, the action on HTTP traffic was to
> forward. I'm therefore inclined to agree with Branson that
> you also need to permit the return traffic in the ACL. If the
> action had been to drop, then the ACL as it stands would be
> fine. This is my understanding, but perhaps I missed something.
Come to think of it, I think you're right.

> 2. When you have any IP ACL being matched by a VLAN map, then
> the default action for all other IP traffic becomes drop.
> Since the example given had an IP ACL, this rule will
> therefore apply. Additionally, since there was no MAC ACL
> matched in the VLAN map, the default action for non-IP
> traffic will be to forward. ARP will therefore not be
> broken, but name resolution (DNS) and address assignment
> (DHCP), if they are part of the traffic profile, will need to
> be explicitly matched in an ACL, and configured to be forwarded.
Right, I need to find some documentation on this on CCO, as I want to know for
sure now... Will be back to post my findings.
Djerk
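
The default-action rule quoted in point 2, as an added example that is not part of the original message and not Cisco code: a small Python model that evaluates a VLAN map holding a single IP ACL against sample frames. The map contents, the frames, the DNS and DHCP port numbers and all names are constructed for illustration.

```python
# Added illustration: toy model of the VLAN-map defaults described in the thread.
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Frame:
    kind: str        # "ip", or "mac" for non-IP frames such as ARP
    proto: str = ""  # "tcp" or "udp" for IP frames
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Entry:
    kind: str                       # ACL type the entry matches: "ip" or "mac"
    match: Callable[[Frame], bool]  # stands in for the ACL's permit lines
    action: str                     # "forward" or "drop"

def evaluate(vlan_map, frame):
    """Return the action the modelled VLAN map takes on one frame."""
    for entry in vlan_map:
        if entry.kind == frame.kind and entry.match(frame):
            return entry.action
    # No match: drop if the map has any ACL of this frame's type, else forward.
    has_type = any(entry.kind == frame.kind for entry in vlan_map)
    return "drop" if has_type else "forward"

def tcp(sport=None, dport=None):
    return lambda f: (f.proto == "tcp" and sport in (None, f.sport)
                      and dport in (None, f.dport))

def udp(*ports):
    return lambda f: f.proto == "udp" and (f.sport in ports or f.dport in ports)

# Constructed map: a single IP ACL that forwards HTTP toward port 80 only.
HTTP_ONLY = [Entry("ip", tcp(dport=80), "forward")]
# Same map plus HTTP return traffic, DNS (53) and DHCP (67/68).
WITH_RETURN = HTTP_ONLY + [Entry("ip", tcp(sport=80), "forward"),
                           Entry("ip", udp(53, 67, 68), "forward")]

FRAMES = {  # constructed sample frames
    "http request": Frame("ip", "tcp", 40000, 80),
    "http reply": Frame("ip", "tcp", 80, 40000),
    "dns query": Frame("ip", "udp", 40001, 53),
    "dhcp discover": Frame("ip", "udp", 68, 67),
    "arp": Frame("mac"),
}

def verdicts(vlan_map):
    return {name: evaluate(vlan_map, f) for name, f in FRAMES.items()}
```

In this model `verdicts(HTTP_ONLY)` drops the HTTP reply, DNS and DHCP frames while still forwarding ARP, and `verdicts(WITH_RETURN)` forwards all five.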