Hi, Albrt !Try to use SPAN

Albert Wong · ‎12-17-2014

Hello,

I need for a machine to be able to receive broadcasts on the VLAN it is attached to but not transmit to the VLAN.The machine is attached to a Catalyst 4948-E with enterprise feature set and also tried base feature set.

I have tried to follow many of the examples on this page:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/53SG/configuration/config/secure.html#wp1069375

The best result I can get is for the permit but not transmit.

*updated* from

interface GigabitEthernet1/35
switchport access vlan 100

*updated* to

interface GigabitEthernet1/35

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 712,830
switchport mode trunk

mac access-list extended list-hosts
deny host 60a4.4c3f.4a73 any

vlan access-map drop-filter 10
action drop
match mac address list-hosts

vlan access-map drop-filter 20
action forward

vlan filter drop-filter vlan-list 100

Jon Marshall · ‎12-17-2014

Albert

The best result I can get is for the permit but not transmit

Not sure what you mean by this.

So you want the host to be able to receive traffic but not send any traffic, is that correct ?

If so you could try using these instead -

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/53SG/configuration/config/secure.html#wp1071428

Jon

Albert Wong · ‎12-21-2014

Jon,

How you allocated PACLs to a port which is trunked and the server sits on 3 VLANs using the 1 port?

kravetspd · ‎12-17-2014

Hi, Albrt !

Try to use SPAN session. This feature really helpful for allowing only receive traffic.

http://www.cisco.com/c/en/us/tech/lan-switching/port-monitoring/index.html

Albert Wong · ‎12-21-2014

Hi,

The slight issue is that, I think there is a maximum number of span ports I can have... right?

Filtering MAC address to VLAN using VLAN MAPS and VLAN Filter on 4948.