Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
2
Replies

2948-L3 bridge-group input-address-list not working

Go to solution
noc
Level 1
Level 1

‎10-10-2003 10:24 PM - edited ‎03-02-2019 10:56 AM

when you configure a bridge-group (to make a

2948-L3 more like a switch)

and try to allow only 1 mac address per port, using

the interface command,

2948-L3(Config-if)#bridge-group 10 input-address-list 701

(where 701 is a mac address access list), it does

not work.. the only way I have been able to do this,

is to apply to a software interface, like port-channel 1)

Can you apply these on a 2948-L3, (it of course works great on a router)..

What I need to do is port security (like a 3550)

on a 2948-L3, where only 1 IT dept approved mac

can get on any fastethernet port.

I apply the input-address-list and nothing is blocked.... Any mac can still transmit (security

does not work) Please help !

bridge irb

!

!

!

!

interface FastEthernet1

no ip address

no ip directed-broadcast

bridge-group 10

bridge-group 10 input-address-list 701

bridge-group 10 spanning-disabled

!

access-list 701 permit 0001.e69f.3015 0000.0000.0000

access-list 701 deny 0000.0000.0000 ffff.ffff.ffff

!

!

interface BVI10

ip address 10.10.10.1 255.255.255.0

no ip directed-broadcast

!

!

bridge 10 protocol ieee

bridge 10 route ip

bridge 10 priority 60000

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
a.seetharaman
Level 1
Level 1

‎10-11-2003 12:11 AM

Hi,

Catalyst 2948G L3 dosin't support data-plane access list on its 48 10/100 ports. It supports only Control-plane access list on these ports. The 2 GBIC ports supports data-plane access list.

Control-plane access lists are access lists that can be implemented in software via the CPU. These access lists can be applied to any packets that are forwarded to the CPU such as routing updates and IPX RIPs and SAPs. Data-plane access lists are access lists that are applied to unicast packets between two hosts. These packets are switched in hardware and require specific hardware that is only resident on the two Gigabit Ethernet ports on the Catalyst 2948G-L3.

Pls. refer the below URL for more details.

http://www.cisco.com/en/US/partner/products/hw/switches/ps606/products_qanda_item09186a0080092864.shtml

View solution in original post

0 Helpful
2 Replies 2

Go to solution
a.seetharaman
Level 1
Level 1

‎10-11-2003 12:11 AM

Hi,

Catalyst 2948G L3 dosin't support data-plane access list on its 48 10/100 ports. It supports only Control-plane access list on these ports. The 2 GBIC ports supports data-plane access list.

Control-plane access lists are access lists that can be implemented in software via the CPU. These access lists can be applied to any packets that are forwarded to the CPU such as routing updates and IPX RIPs and SAPs. Data-plane access lists are access lists that are applied to unicast packets between two hosts. These packets are switched in hardware and require specific hardware that is only resident on the two Gigabit Ethernet ports on the Catalyst 2948G-L3.

Pls. refer the below URL for more details.

http://www.cisco.com/en/US/partner/products/hw/switches/ps606/products_qanda_item09186a0080092864.shtml

0 Helpful

Go to solution
noc
Level 1
Level 1
In response to a.seetharaman

‎10-11-2003 12:14 AM

Great Answer ! Thanks !

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card