Sup yalls. I'm looking to wildcard-block MAC addys, and only permit a
specific vendor OID. I'm looking at an 1841 with the 4-port SW module
installed. Unfortunately, you do not have VACL features on the HWIC-4ESW.
But overall, this has piqued my curiosity as to whether it's even possible to do
diverse L2 filters on a Cisco router.
Router(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1100-1199> Extended 48-bit MAC address access list
<1300-1999> IP standard access list (expanded range)
<200-299> Protocol type-code access list
<2000-2699> IP extended access list (expanded range)
<700-799> 48-bit MAC address access list
compiled Enable IP access-list compilation
dynamic-extended Extend the dynamic ACL absolute timer
rate-limit Simple rate-limit specific access list
The 700-799 series MAC ACL appears to be legacy and, from the examples I've
seen, only works on bridge interfaces, which is a damn shame.
Technically, I could get away with a QoS policy-map to drop MAC traffic, but
it only works with a single MAC statement, and not a wildcard range.
For example, this works:
class-map match-any macfilter
match source-address mac 0017.e0bf.ebe0
!
policy-map macfilter
class macfilter
drop
And this does not:
access-list 705 permit 0017.e0bf.ebe0 0000.0000.0000
class-map match-any macfilter
match access-group 705
policy-map macfilter
class macfilter
drop
Well, that's pretty lame. I can get MAC filtering to work on a Linux router,
and I'm betting a Juniper router, and probably even my Windows XP box!!
Anyone have any secret methods to accomplish this on a Cisco router?
Blogs and organic groups at http://www.ccie.net
Received on Thu Jun 24 2010 - 10:35:40 ART
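The post wants one vendor prefix (the OUI, first three bytes of the MAC) permitted and everything else dropped. The following is an added example, not part of the original post or of IOS, that models how a 700-series MAC ACL with a wildcard mask would evaluate that policy, so a defender can sanity-check an ACL before relying on it: mask bits set to 1 are "don't care" (the same convention as IP wildcard masks), first match wins, and there is an implicit deny at the end. The ACE lines and sample MACs are constructed for illustration; the vendor prefix 0017.e0 is taken from the post.

```python
import re
from dataclasses import dataclass

DOTTED = re.compile(r"^[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}$")
MAC_BITS = 0xFFFFFFFFFFFF


def mac_to_int(mac: str) -> int:
    """Parse a Cisco dotted-hex MAC (e.g. 0017.e0bf.ebe0) into a 48-bit integer."""
    if not DOTTED.match(mac):
        raise ValueError(f"not a dotted-hex MAC: {mac!r}")
    return int(mac.replace(".", ""), 16)


@dataclass(frozen=True)
class MacAce:
    action: str     # "permit" or "deny"
    address: int    # 48-bit MAC to compare against
    wildcard: int   # IOS wildcard semantics: a 1 bit means "ignore this bit"

    def matches(self, mac: int) -> bool:
        # Only the bits NOT covered by the wildcard have to agree.
        return (mac ^ self.address) & ~self.wildcard & MAC_BITS == 0


def parse_ace(line: str) -> MacAce:
    """Parse 'access-list 7xx permit|deny <mac> [<wildcard>]'; a missing mask means exact match."""
    parts = line.split()
    if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACE: {line!r}")
    wildcard = mac_to_int(parts[4]) if len(parts) > 4 else 0
    return MacAce(parts[2], mac_to_int(parts[3]), wildcard)


def evaluate(acl: list[MacAce], mac: str) -> str:
    """Walk the ACL in order; first matching entry wins; implicit deny if nothing matches."""
    m = mac_to_int(mac)
    for ace in acl:
        if ace.matches(m):
            return ace.action
    return "deny"


# Constructed policy: permit the 0017.e0 vendor prefix only, deny everything else.
OUI_ACL = [parse_ace("access-list 705 permit 0017.e000.0000 0000.00ff.ffff")]

# Constructed sample frames: two from the permitted vendor, two from others.
SAMPLE_MACS = ["0017.e0bf.ebe0", "0017.e012.3456", "0017.e1bf.ebe0", "0050.56ab.cdef"]

if __name__ == "__main__":
    for mac in SAMPLE_MACS:
        print(mac, evaluate(OUI_ACL, mac))
```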