Ivan,
It's probably broken up for clarity. When they are compiled together and run from hardware, I doubt there is much difference between a map with five statements and yours with three.
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ivan
Sent: Thursday, April 09, 2009 11:23 PM
To: ccielab_at_groupstudy.com
Subject: VLAN access-map?
Hi,

When you configure a VLAN access-map for a certain VLAN and you have a task like this:

    drop all IP between two hosts
    drop all UDP communication for all hosts
    drop all TCP communication between two hosts
    drop MAC packets with DECNet-IV
    forward all other IP and non-IP

QUESTION: Can you put the first four lines in JUST ONE ip access-list and the fifth line in a mac access-list:

    ip access-list ext BLA
     permit ip host H1 host H2
     permit ip host H2 host H1
     permit udp any any
     permit tcp host H1 host H2
     permit tcp host H2 host H1
    mac access-list ext BLABLA
     permit any any decnet-iv

And then:

    vlan access-map XXX 10
     match ip address BLA
     action drop
    vlan access-map XXX 20
     match mac address BLABLA
     action drop
    vlan access-map XXX 100

I'm asking this because in the literature they would make 3 IP ACLs, one MAC ACL and 5 vlan access-map statements for this task?

Thanks
Received on Fri Apr 10 2009 - 00:24:03 ART
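
As an added example (not part of either message): a small Python model that runs sample packets through the three-entry map from the question and through a five-entry layout, to check that both give the same forward/drop decision. The five-entry layout, the host addresses and the simplified first-match semantics are assumptions made for this illustration.

```python
# Simplified first-match model of a VLAN access-map. Assumptions: an entry
# matches when its ACL permits the packet; IP ACLs only see IP packets, MAC
# ACLs only see non-IP frames; an entry with no match clause matches everything.
H1, H2 = "10.0.0.1", "10.0.0.2"   # constructed addresses for hosts H1 and H2

def pkt(l3, proto=None, src=None, dst=None):
    return {"l3": l3, "proto": proto, "src": src, "dst": dst}

def pair(proto):
    """ACEs 'permit <proto> host H1 host H2' in both directions."""
    return [(proto, H1, H2), (proto, H2, H1)]

def ace_hit(ace, p):
    proto, src, dst = ace
    return (proto in ("ip", p["proto"])
            and src in ("any", p["src"]) and dst in ("any", p["dst"]))

def ip_acl(aces):
    return lambda p: p["l3"] == "ip" and any(ace_hit(a, p) for a in aces)

def mac_acl(ethertype):
    return lambda p: p["l3"] == ethertype   # ethertype is never "ip" here

MATCH_ALL = lambda p: True                  # map entry with no match clause

def decide(vmap, p):
    """Return the action of the first map entry whose match clause hits."""
    for match, action in vmap:
        if match(p):
            return action
    return "drop"

UDP_ANY = [("udp", "any", "any")]
# Three entries, as in the question: one combined IP ACL, one MAC ACL, catch-all.
THREE = [(ip_acl(pair("ip") + UDP_ANY + pair("tcp")), "drop"),
         (mac_acl("decnet-iv"), "drop"), (MATCH_ALL, "forward")]
# Five entries (assumed layout): one ACL and one map entry per task line.
FIVE = [(ip_acl(pair("ip")), "drop"), (ip_acl(UDP_ANY), "drop"),
        (ip_acl(pair("tcp")), "drop"), (mac_acl("decnet-iv"), "drop"),
        (MATCH_ALL, "forward")]

SAMPLES = [pkt("ip", "icmp", H1, H2), pkt("ip", "tcp", H2, H1),   # constructed
           pkt("ip", "udp", "10.0.0.9", "10.0.0.7"),
           pkt("ip", "tcp", "10.0.0.9", H1), pkt("decnet-iv"), pkt("arp")]

def compare():
    """Decision pairs (three-entry map, five-entry map) for each sample."""
    return [(decide(THREE, p), decide(FIVE, p)) for p in SAMPLES]

if __name__ == "__main__":
    for p, d in zip(SAMPLES, compare()):
        print(p, d)
```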