vlan access-map question

From: Roger RPF (rpf@bluemail.ch)
Date: Sat Jan 17 2009 - 09:26:55 ARST

• Next message: Wouter Prins: "BGP: suppress-map vs unsuppress-map and logic"
• Previous message: GAURAV MADAN: "Re: Well I went to RTP yesterday and.........."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi group,

If a task says that I should only allow netbios over TCP/IP packets, on for
example vlan13, for the subnet 1.1.1.0/24. To be configured on the
Cat-Switch

My first question: Can I have multiple match statements in a VLAN access-map
like:

mac access-list extended netbiosmac
 permit any any netbios
!
ip access-list standard netbios
 permit 1.1.1.0 0.0.0.255
!
vlan access-map netbios 10
 action forward
 match mac address netbiosmac
 match ip address netbios
vlan access-map netbios 20
 action drop
!
vlan filter test vlan-list 13

Or should I just configure it with the vlan-access map matching on a
extended access-list referencing also the port-number for netbios??

I'm note 100% sure regarding the DocD which says:

"Packets are matched only against access lists of the same protocol type; IP
packets are matched against IP access lists, and all other packets are
matched against MAC access lists."

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/1
2.2_44_se/command/reference/cli1.html#wpxref84638

Thanks in advance

Roger

Blogs and organic groups at http://www.ccie.net

• Next message: Wouter Prins: "BGP: suppress-map vs unsuppress-map and logic"
• Previous message: GAURAV MADAN: "Re: Well I went to RTP yesterday and.........."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST