07-26-2006 10:40 PM - edited 03-03-2019 04:15 AM
Hi Sir,
I have an existing Catalyst 3550 (EMI IOS IMAGE feature set) with the following MAC ACL configured:
!
mac access-list extended pppoe-mac
permit any any 0x8863 0x0
permit any any 0x8864 0x0
!
interface FastEthernet0/1
mac access-group pppoe-mac in
!
Going to migrate the configuration to a Catalyst 4507R (BASIC L3 3DES (RIP,ST.ROUTES,IPX,AT) feature set). Somehow, the MAC ACL command is different on the C4507R, as follows:
C4507R(config-ext-macl)#permit any any protocol-family ?
appletalk
arp-non-ipv4
decnet
ipx
ipv6
rarp-ipv4
rarp-non-ipv4
vines
xns
The "permit any any" is followed only by "protocol-family". If I configure any of the following options, the next is to press <CR>. There's nowhere to key in the EtherType in hex.
Attached is the comparison of the features on both switches, using Feature Navigator. I don't see any feature difference that causes the above problem.
Please help.
Thank you.
B.Rgds,
Lim TS
07-27-2006 12:13 AM
Unfortunately, I think this platform does not support full parsing of the ether-type as the limitation is in the way the current port ASICs pass the Ethertype. They basically parse and relay only a subset of all the possible Ethertype values. I am not positive on this platform but PFC2 had the same limitation in which the full ether-type was also parsed out.
Meanwhile on PFC3 based systems you will be able to parse an arbitrary ethernet-type. So basically you have full parsing of the ethernet-type on PFC3 in the range of <0x0-0xFFFF> and obviously on 3550's ASIC as well.
I am afraid you will have to either get a sup720 or go bakc to 3550.
Please rate helpful posts.
08-02-2006 09:06 AM
Hi,
Thanks for your reply.
Are you able to provide me any supporting document that shows the limitation of the C4507R to support full parsing of the ethertypes, before I open TAC case?
My customer is connecting his PPPoE customers to the switchports and need to allow only PPPoE ethertypes. Else, without the MAC ACL on the C4507R, my customer is complaining he's seeing many broadcasts into the ports.
Please help.
Thank you.
B.Rgds,
Lim TS
08-02-2006 09:39 AM
My supporting docs are internal. Maybe TAC have something external but I have not been able to find them.
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide