Re: mac access-list

From: Jack Tsai (jacknew2005@gmail.com)
Date: Tue Jul 22 2008 - 09:38:36 ART


Please comment on the following:
(1) at the end of mac access-list extended abc, a "deny any any" is
implicitly added
(2) therefore, vlan access-map test 10 will drop everything but the host
1111.1111.1111
(3) vlan access-map test 20 and access-map test 30 will not be executed

Thanks,
Jack

Jack Tsai wrote:
> Task: block the entire subnet 10.1.1.0/24 except one host in the
> subnet with MAC: 1111.1111.1111
> Is the following configuration all right?
>
> (config)#mac access-list extended abc
> (config-ext-macl)#permit host 1111.1111.1111 any
>
> (config)#vlan access-map test 10
> (config-access-map)#match mac address abc
> (config-access-map)#action forward
> (config)#vlan access-map test 20
> (config-access-map)#match ip address 5
> (config-access-map)#action drop
> (config)#vlan access-map test 30
> (config-access-map)#action forward
>
> (config)#access-list 5 permit 10.1.1.0 0.0.0.255
>
> Thanks,
> Jack
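
As an added example (not part of the original post and not Cisco code), the Python sketch below models how the quoted VLAN access-map would be walked. It assumes the rule documented for Catalyst VLAN maps: an ACL deny, implicit or explicit, only means "no match" for that map entry, and evaluation moves on to the next sequence. The frames are constructed, and `mac_acl_sees_ip` is a hypothetical switch for whether the platform compares IP packets against MAC ACLs at all, which should be checked against the platform's configuration guide.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.1.1.0/24")

# ACLs from the quoted config, written as (action, predicate) ACEs.
MAC_ACL_ABC = [("permit", lambda f: f["src_mac"] == "1111.1111.1111")]
IP_ACL_5 = [("permit", lambda f: ipaddress.ip_address(f["src_ip"]) in SUBNET)]

# vlan access-map test: (sequence, clause type, ACL, action); None = no match clause.
VLAN_MAP_TEST = [
    (10, "mac", MAC_ACL_ABC, "forward"),
    (20, "ip", IP_ACL_5, "drop"),
    (30, None, None, "forward"),
]

def acl_permits(acl, frame):
    """First matching ACE decides; running off the end is the implicit deny."""
    for action, predicate in acl:
        if predicate(frame):
            return action == "permit"
    return False

def evaluate(vlan_map, frame, mac_acl_sees_ip):
    """Return (sequence, action) of the map entry that decides this frame."""
    is_ip = frame.get("src_ip") is not None
    clause_for_type = False
    for seq, kind, acl, action in sorted(vlan_map, key=lambda e: e[0]):
        if kind is None:
            return seq, action  # an entry without a match clause matches all
        applies = (kind == "ip" and is_ip) or (
            kind == "mac" and (not is_ip or mac_acl_sees_ip))
        if not applies:
            continue
        clause_for_type = True
        if acl_permits(acl, frame):
            return seq, action
        # An ACL deny here only means "no match": fall through to the next sequence.
    # Nothing matched: drop if the map had a clause for this packet type.
    return None, "drop" if clause_for_type else "forward"

# Constructed sample frames.
ALLOWED = {"src_mac": "1111.1111.1111", "src_ip": "10.1.1.50"}
OTHER_IN_SUBNET = {"src_mac": "2222.2222.2222", "src_ip": "10.1.1.60"}
OUTSIDE = {"src_mac": "3333.3333.3333", "src_ip": "192.168.5.5"}

if __name__ == "__main__":
    for name, frame in [("allowed", ALLOWED), ("other", OTHER_IN_SUBNET), ("outside", OUTSIDE)]:
        for sees_ip in (True, False):
            print(name, sees_ip, evaluate(VLAN_MAP_TEST, frame, sees_ip))
```

With `mac_acl_sees_ip=False`, the model sends the allowed host's IP traffic to sequence 20, so the MAC exception covers only that host's non-IP frames.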


