Re: mac access-list

From: Scott Strobeck (scott@strobeck.net)
Date: Mon Jul 21 2008 - 18:18:25 ART

• Next message: Sadiq Yakasai: "Re: mac access-list"
• Previous message: John Wayne: "Re: For those who haven't seen this: "Rogue" network admin"
• Maybe in reply to: Jack Tsai: "mac access-list"
• Next in thread: Sadiq Yakasai: "Re: mac access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Jack, that looks right to me. You just need to apply this to the
correct vlan. Example, if 10.1.1.0/24 is hanging off a port assigned to
vlan 10, then the command would be "vlan filter test vlan-list 10".

Scott

Jack Tsai wrote:
> Task: block the entire subnet 10.1.1.0/24 except one host in the
> subnet with MAC: 1111.1111.1111
> Is the following configuration all right?
>
> (config)#mac access-list extended abc
> (config-ext-macl)#permit host 1111.1111.1111 any
>
> (config)#vlan access-map test 10
> (config-access-map)#match mac address abc
> (config-access-map)#action forward
> (config)#vlan access-map test 20
> (config-access-map)#match ip address 5
> (config-access-map)#action drop
> (config)#vlan access-map test 30
> (config-access-map)#action forward
>
> (config)#access-list 5 permit 10.1.1.0 0.0.0.255
>
> Thanks,
> Jack
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Sadiq Yakasai: "Re: mac access-list"
• Previous message: John Wayne: "Re: For those who haven't seen this: "Rogue" network admin"
• Maybe in reply to: Jack Tsai: "mac access-list"
• Next in thread: Sadiq Yakasai: "Re: mac access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART