From: Jeff Andiorio (jandiorio@gmail.com)
Date: Wed Mar 25 2009 - 08:52:01 ART
Pavel,
Could you elaborate on your statement...
If you look at the mac access-list there is really no way to get
specific with IP protocols, but you could filter all IPv4/IPv6 with a
mac access-list using ethertype 0800 or 86dd. You could also filter
all ip traffic from a particular host, but allow non-ip traffic.
Also, maybe you are speakiing of QoS classification using ACLs which
the docs do specify that you cannot use a mac access-list for ip
traffic classification.
Jeff
On Wed, Mar 25, 2009 at 7:18 AM, Carlos G Mendioroz <tron@huapi.ba.ar> wrote:
> Hmmm, that's not the way I see it.
>
> The link says:
> Use the mac access-list extended global configuration command to
> create an access list based on MAC addresses for non-IP traffic.
>
> which I read as:
> Given that in non IP traffic you have no way to apply IP based lists,
> you may use mac based list to do something.
>
> But this does by no mean imply that it ONLY works on non IP traffic.
> And in fact it does work on IP traffic at least on a 2950.
> (Don't have a 3560 to test handy, but it would surprise me if it behaved
> differently)
>
> -Carlos
>
>
>
> Pavel Bykov @ 24/03/2009 21:47 -0200 dixit:
>> One of the very important things to consider, is that MAC access-list
>> applies ONLY to non-ip traffic:
>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/command/reference/cli1.html#wp9666484
>>
>>
>> On Sat, Mar 21, 2009 at 8:24 PM, Raghav Bhargava <raghavbhargava12@gmail.com
>>> wrote:
>>
>>> Hi Bhuvanesh,
>>> MAC Access List are applied for L2 Traffic whereas IP Access-list is
>>> applied
>>> for L3 Traffic. If you have both applied on your switch Mac-Access list
>>> takes precedence over Ip access list.
>>>
>>> regards
>>> raghav
>>>
>>> On Sat, Mar 21, 2009 at 12:49 AM, Bhuvanesh Rajput <ashu2084@gmail.com
>>>> wrote:
>>>> Hi guys,
>>>>
>>>> Please through some light on my doubts.........
>>>>
>>>> a>> on the switch, when/where (l2 interface / vlan) can we use mac
>>>> address-list, ip access-list and vlan map.?
>>>>
>>>> b>>can we apply mac access-list , ip access-list and vlan map
>>>> altogether on a sigle L2 interface /vlan (svi)?
>>>>
>>>> c>>in which direction mac access-list take precedence when ip
>>>> access-list and vlan map also configured on the interface/vlan.
>>>>
>>>> d>> if all three applied on the l2 interface/vlan(svi) then what
>>>> would be the execution sequence??
>>>>
>>>> Cheers!
>>>> Bhuvanesh
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Warm Regards
>>> Raghav
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:07 ART