Re: OT Layer 2 filter options on cisco routers

From: Networking Dude <ccie_at_routefilter.com>
Date: Thu, 24 Jun 2010 13:14:47 -0800

No worky!

On Thu, Jun 24, 2010 at 10:43 AM, Adrian Brayton <abrayton_at_gmail.com> wrote:

> Something like this won't work for you?
>
>
> access-list 700 permit 1111.1112.1112 0000.0000.0000
> access-list 700 permit 1111.1112.1113 0000.0000.0000
>
> class-map match-all GS
> match access-group 700
> !
> !
> policy-map GS
> class GS
> drop
>
> On Jun 24, 2010, at 2:35 PM, Networking Dude wrote:
>
> > Sup yalls. I'm looking to wildcard block mac addys, and only permit a
> > specific vendor OID. I'm looking at an 1841 with the 4 port SW module
> > installed. Unfortunately, you do not have VACL features on HWIC-4ESW.
> >
> >
> > But overall, this has piqued my curiosity on if it's even possible to do
> > diverse L2 filters on a Cisco router.
> >
> > Router(config)#access-list ?
> > <1-99> IP standard access list
> > <100-199> IP extended access list
> > <1100-1199> Extended 48-bit MAC address access list
> > <1300-1999> IP standard access list (expanded range)
> > <200-299> Protocol type-code access list
> > <2000-2699> IP extended access list (expanded range)
> > <700-799> 48-bit MAC address access list
> > compiled Enable IP access-list compilation
> > dynamic-extended Extend the dynamic ACL absolute timer
> > rate-limit Simple rate-limit specific access list
> >
> >
> > The 700-799 series Mac ACL appears to be legacy and from the examples I've
> > seen only works on bridge interfaces, which is a damn shame.
> >
> > Technically, I could get away with a QOS policy-map to drop mac traffic, but
> > it only works with a single mac statement, and not a wildcard range.
> >
> > For example, this works:
> >
> > class-map match-any macfilter
> > match source-address mac 0017.e0bf.ebe0
> > !
> > policy-map macfilter
> > class macfilter
> > drop
> >
> > And, this does not:
> >
> >
> > access-list 705 permit 0017.e0bf.ebe0 0000.0000.0000
> > class-map match-any macfilter
> > match access-group 705
> >
> > policy-map macfilter
> > class macfilter
> > drop
> >
> >
> > Well that's pretty lame. I can get mac-filtering to work on a linux router,
> > and I'm betting a Juniper router, and probably even my windows xp box!!
> > Anyone have any secret methods to accomplish this on a Cisco router?
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >

Received on Thu Jun 24 2010 - 13:14:47 ART
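The thread turns on what the 700-799 series `access-list <n> permit <mac> <wildcard>` syntax actually expresses: a 0 bit in the wildcard must match, a 1 bit is "don't care", so a whole vendor OUI can be allowed with one line. The Python model below is an added example, not code from the list or from Cisco; it assumes IOS first-match-wins evaluation with an implicit deny at the end, and the OUI and MAC values in it are constructed samples (the thread reports that this ACL form is not usable inside a class-map on the 1841, so the model only shows the semantics, not a working IOS configuration).

```python
"""Model of Cisco 700-799 style 48-bit MAC access-list matching (added example)."""
import re

_MAC_RE = re.compile(r"^[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}$")
_ENTRY_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)$")
_ALL_BITS = (1 << 48) - 1


def mac_to_int(dotted):
    """'0017.e0bf.ebe0' -> 48-bit integer; rejects anything else."""
    if not _MAC_RE.match(dotted):
        raise ValueError(f"not a dotted-hex MAC: {dotted!r}")
    return int(dotted.replace(".", ""), 16)


def fmt(value):
    """48-bit integer -> Cisco dotted-hex notation."""
    h = f"{value:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def oui_entry(oui_hex, action="permit", number=700):
    """ACL line matching every MAC whose 24-bit OUI equals oui_hex (e.g. '0017e0').

    The low 24 bits (vendor-assigned part) become don't-care bits in the mask.
    """
    if not re.fullmatch(r"[0-9a-fA-F]{6}", oui_hex):
        raise ValueError("OUI must be six hex digits")
    base = int(oui_hex, 16) << 24
    mask = 0x000000FFFFFF  # 1 bits = ignored when comparing
    return f"access-list {number} {action} {fmt(base)} {fmt(mask)}"


def parse_entry(line):
    """Return (action, base, wildcard) from one access-list line."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable entry: {line!r}")
    return m.group(2), mac_to_int(m.group(3)), mac_to_int(m.group(4))


def evaluate(acl_lines, mac):
    """First matching entry decides; no match falls through to the implicit deny."""
    addr = mac_to_int(mac)
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        care = _ALL_BITS ^ wildcard            # bits that must match exactly
        if (addr & care) == (base & care):
            return action
    return "deny"
```

`evaluate([oui_entry("0017e0")], "0017.e0bf.ebe0")` returns `"permit"`, while a MAC from any other OUI returns `"deny"` because nothing matched before the implicit deny.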
