Re: filtering multicast frames

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Thu Sep 20 2007 - 08:03:25 ART


I think so too. A bit cheeky saying you should see more options but CCIE
candidates can be an impertinent lot at times. Is it latrines you get to
clean for insubordination ;)

Gary
----- Original Message -----
From: "Antonio Soares" <amsoares@netcabo.pt>
To: "'Joseph Brunner'" <joe@affirmedsystems.com>; "'Alex Steer'"
<alex.steer@eison.co.uk>; <ccielab@groupstudy.com>
Sent: Thursday, September 20, 2007 10:35 AM
Subject: RE: filtering multicast frames

> Joe,
>
> Still an IP ACL...
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473, CCNP, CCIP
>
> -----Original Message-----
> From: Joseph Brunner [mailto:joe@affirmedsystems.com]
> Sent: Thursday, 20 September 2007 2:38
> To: 'Antonio Soares'; 'Alex Steer'; ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> You should see other options Antonio, you're a general, I'm a private
> first class.
>
> The port is in SWITCHPORT mode; an ip acl won't work.
>
> Just ran your config in my lab, where my R4 is currently running ripv2
> with BB2, still got rip routes...
>
> But, you do this with a vacl...
>
> vlan access-map BLOCKRIP 10
>  action drop
>  match ip address norip
> vlan access-map BLOCKRIP 20
>  action forward
> !
> vlan filter BLOCKRIP vlan-list 102
> !
>
> ip access-list extended norip
>  permit ip any host 224.0.0.9
>
>
> Can anyone think of other ways to block rip on a switch?
>
> I tried "storm-control multicast level 0.00" but the port stopped
> forwarding traffic altogether (even ping, telnet)
>
> -Joe
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Antonio Soares
> Sent: Wednesday, September 19, 2007 7:16 PM
> To: 'Alex Steer'; ccielab@groupstudy.com
> Subject: RE: filtering multicast frames
>
> MAC ACLs are only valid for non-IP Traffic. See this link:
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swacl.html#wp1177176
>
> So to accomplish what you want you have to do it at IP level:
>
> !
> ip access-list extended NO-RIP
>  deny ip any host 224.0.0.9
>  permit ip any any
> !
> interface GigabitEthernet0/1
>  ip access-group NO-RIP in
> !
>
> I don't see other options right now.
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473, CCNP, CCIP
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Alex Steer
> Sent: Wednesday, 19 September 2007 23:36
> To: ccielab@groupstudy.com
> Subject: filtering multicast frames
>
> Hi
>
> Has anybody got an idea what I'm doing wrong here please?
>
> mac access-list extended rip
>  deny any host 0100.5e00.0009
>  deny any any
>
> interface FastEthernet0/24
>  switchport access vlan 110
>  switchport mode access
>  mac access-group rip in
>
> Seems a simple task to me but I figure I must be missing something vital.
>
> Thanks in advance
>
> Alex
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
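
Added example (not part of the thread or any poster's configuration): a simplified Python model of the two behaviours discussed above, a port MAC ACL that is skipped for IP frames, as the Cisco guide quoted in the thread states, and a VLAN access-map in which an ACL "permit" only selects traffic for the map's action. The function names, the frame dictionaries and the PING/ARP sample frames are constructed for illustration.

```python
import ipaddress

def mcast_mac(group):
    """IPv4 multicast group -> Ethernet MAC (0100.5e + low 23 bits of the group)."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    raw = (0x01005E000000 | low23).to_bytes(6, "big").hex()
    return ".".join(raw[i:i + 4] for i in (0, 4, 8))      # Cisco dotted form

def acl_match(acl, value):
    """First matching ACE wins: 'permit', 'deny', or None if no ACE matched."""
    for action, target in acl:
        if target in ("any", value):
            return action
    return None

def mac_acl_in(acl, frame):
    """Port MAC ACL, modelled as consulted for non-IP frames only."""
    if frame["ethertype"] == 0x0800:
        return "forward"               # IPv4 frame: MAC ACL is not evaluated
    return "forward" if acl_match(acl, frame["dst_mac"]) == "permit" else "drop"

def vacl(access_map, frame):
    """VLAN access-map: an ACL 'permit' selects the frame for the map action."""
    for seq in sorted(access_map):
        acl, action = access_map[seq]
        if acl is None or acl_match(acl, frame.get("dst_ip")) == "permit":
            return action
    return "drop"                      # no sequence matched

# ACLs transcribed from the thread as (action, destination) pairs.
ALEX_MAC_ACL = [("deny", "0100.5e00.0009"), ("deny", "any")]
NORIP = [("permit", "224.0.0.9")]
BLOCKRIP = {10: (NORIP, "drop"), 20: (None, "forward")}

# Constructed sample frames (addresses other than 224.0.0.9 are made up).
RIP = {"ethertype": 0x0800, "dst_mac": mcast_mac("224.0.0.9"), "dst_ip": "224.0.0.9"}
PING = {"ethertype": 0x0800, "dst_mac": "0011.2233.4455", "dst_ip": "10.0.0.1"}
ARP = {"ethertype": 0x0806, "dst_mac": "ffff.ffff.ffff"}

if __name__ == "__main__":
    for name, frame in (("RIP", RIP), ("PING", PING), ("ARP", ARP)):
        print(name, "mac-acl:", mac_acl_in(ALEX_MAC_ACL, frame),
              "vacl:", vacl(BLOCKRIP, frame))
```

In this model the RIP update passes the MAC ACL untouched and is dropped only by the BLOCKRIP map, while the ARP frame is what the MAC ACL's "deny any any" actually discards.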



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART