RE: mac access-list

From: NET HE (he_net@hotmail.com)
Date: Wed Jan 21 2009 - 20:38:06 ARST


It's normal. An extended MAC access-list on switch ports is for non-IP traffic
(ARP doesn't count as IP traffic). And an IP access-group on switchports is for
IP traffic.

Best Regards,
Net (Xin) He

> From: mark.chandra@gmail.com
> To: ccielab@groupstudy.com
> Subject: mac access-list
> Date: Wed, 21 Jan 2009 16:08:58 +0700
>
> Guys,
>
> Continuing the discussion about port-security the other day,
>
> I chose to use Pavel Bykov's recommendation to use a mac access-list, but
> what a surprise: after I implemented this configuration, it doesn't really
> work.
>
> Why I said "NOT REALLY WORKS": I am using
>
> Extended MAC access list mark
> deny any any
>
> and configure it on a port fast 0/35
>
> mac access-group executive in
>
> Why I use deny any: this is to make sure my packets get blocked.
>
> First, when I plug it in, it blocks my packets, but when I release my
> address, renew, and obtain an IP address from DHCP, it doesn't block my
> packets.
>
> After a while, with my laptop idle, it blocks my packets again.
>
> Is this normal behavior for a Cisco switch?
>
> Regards
>
> Mark Stephanus Chandra
>
> Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST