From: Zealist Hamamd (zealist@gmail.com)
Date: Fri Aug 01 2008 - 19:23:32 ART
Hies All,
I was trying the given senario but i am not able to do it successfuly,
Here is my config , I have 3 systems conected to a 3560 switch having ip
adds from 10.0.0.1 to 10.0.0.3
Sw config is
mac access-list extended ham12
permit host 0011.25b8.7819 any
!
vlan access-map mb 5
action forward
match mac address ham12
vlan access-map mb 10
action drop
match ip address 12
vlan access-map mb 15
action forward
!
!
vlan filter mb vlan-list 2
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
access-list 12 permit 10.0.0.3 0.0.0.0
Now,
1) According to this config , system whose mac add is given in ACL
(0011.25b8.7819=10.0.0.2) should be able to ping 10.0.0.3 and others should
not, but instead all were not able to ping.
2) kindly also tell me the "logical AND/ OR " scenario of VLAN Maps?? is it
same as Route Maps???
Regards
HR
On Tue, Jul 22, 2008 at 12:24 AM, Jack Tsai <jacknew2005@gmail.com> wrote:
> Task: block the entire subnet 10.1.1.0/24 except one host in the subnet
> with MAC: 1111.1111.1111
> Is the following configuration all right?
>
> (config)#mac access-list extended abc
> (config-ext-macl)#permit host 1111.1111.1111 any
>
> (config)#vlan access-map test 10
> (config-access-map)#match mac address abc
> (config-access-map)#action forward
> (config)#vlan access-map test 20
> (config-access-map)#match ip address 5
> (config-access-map)#action drop
> (config)#vlan access-map test 30
> (config-access-map)#action forward
>
> (config)#access-list 5 permit 10.1.1.0 0.0.0.255
>
> Thanks,
> Jack
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
-- zealist@gmail.comBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:29 ART