
Filtering MAC address to VLAN using VLAN MAPS and VLAN Filter on 4948.

Albert Wong
Level 1

Hello,

 

I need a machine to be able to receive broadcasts on the VLAN it is attached to but not transmit to the VLAN. The machine is attached to a Catalyst 4948-E with the enterprise feature set; I also tried the base feature set.

 

I have tried to follow many of the examples on this page:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/53SG/configuration/config/secure.html#wp1069375

 

The best result I can get is for the permit but not transmit.

 

*updated* from

interface GigabitEthernet1/35
 switchport access vlan 100

*updated* to

interface GigabitEthernet1/35
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 712,830
 switchport mode trunk

 

mac access-list extended list-hosts
 deny host 60a4.4c3f.4a73 any

 

vlan access-map drop-filter 10
 action drop
 match mac address list-hosts

vlan access-map drop-filter 20
 action forward

vlan filter drop-filter vlan-list 100

 

4 Replies

Jon Marshall
Hall of Fame

Albert

The best result I can get is for the permit but not transmit

Not sure what you mean by this.

So you want the host to be able to receive traffic but not send any traffic, is that correct?

If so you could try using these instead -

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/53SG/configuration/config/secure.html#wp1071428

Jon

Jon,

How do you allocate PACLs to a port which is trunked, where the server sits on 3 VLANs using the 1 port?

kravetspd
Level 1

Hi, Albert!

Try using a SPAN session. This feature is really helpful for allowing only receive traffic.

http://www.cisco.com/c/en/us/tech/lan-switching/port-monitoring/index.html

Hi,

The slight issue is that I think there is a maximum number of SPAN ports I can have... right?
