From: Ramy Sisy (ramysisy@inspiredmaster.com)
Date: Mon Jul 21 2008 - 18:19:44 ART
Hi Jack,
Looks fine for me, but you have to apply this vlan access-map to an existing
vlan to start filter matching traffic.
BEST REGARDS,
RAMY SISY, CCIE X 2 (SECURITY, ROUTING/SWITCHING)#17321, CCSI#30417
CCIE PROGRAM MANAGER
INSPIRED MASTER
INSPIRING CREATIVE THINKING ....
WWW.INSPIREDMASTER.COM
E. RAMYSISY@INSPIREDMASTER.COM
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jack
Tsai
Sent: Monday, July 21, 2008 12:25 PM
To: Cisco certification
Subject: mac access-list
Task: block the entire subnet 10.1.1.0/24 except one host in the subnet
with MAC: 1111.1111.1111
Is the following configuration all right?
(config)#mac access-list extended abc
(config-ext-macl)#permit host 1111.1111.1111 any
(config)#vlan access-map test 10
(config-access-map)#match mac address abc
(config-access-map)#action forward
(config)#vlan access-map test 20
(config-access-map)#match ip address 5
(config-access-map)#action drop
(config)#vlan access-map test 30
(config-access-map)#action forward
(config)#access-list 5 permit 10.1.1.0 0.0.0.255
Thanks,
Jack
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:56 ART