I have run into an interesting issue.
If I create a MAC filter such as:
mac access-list extended BLOCK3
deny host 0012.d993.d5c2 any
permit any any
I apply the access-list to the fa1/0/1 interface of the switch:
interface FastEthernet1/0/1
switchport access vlan 40
switchport mode access
mac access-group BLOCK3 in
The problem is, the access list will not block the MAC address unless I
shut/no shut the interface.
If I apply the MAC access-list to a vlan access-map it exhibits the same
behavior.
If I apply an IP access list to the interface or access-map, the change is
immediate.
Is this normal behavior for a layer 2 access-list on a switch?
Thanks,
Chris
Blogs and organic groups at http://www.ccie.net
Received on Thu Sep 09 2010 - 14:49:44 ART
This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART