05-07-2012 09:41 AM - edited 03-07-2019 06:33 AM
I have HSRP running in my core between 2 routers and a switch connected to both. From my switch, I have VLANs going to end switches. I am seeing the HSRP broadcast going out all ports (as it should). I want to deny this traffic from going out to the end point switches.
I have configured a MAC Extended ACL and applied it to the ports; I say ports as first I applied at the core switch and still saw the MAC at the end switch, then I applied to the end switch and still see the MAC. What am I doing wrong? Am I missing something?
Any help would be greatly appreciated!
Tracey
Configs:
SwitchVlan12
mac access-list extended Limit-HSRP
 deny   host 0000.0c07.ac0a any
 permit any any
interface GigabitEthernet0/1
 switchport mode trunk
 mac access-group Limit-HSRP in
SwitchVlan12#sh mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
50 0000.0c07.ac32 DYNAMIC Gi0/1
50 70ca.9b15.bfda DYNAMIC Gi0/1
50 a44c.112f.3503 DYNAMIC Gi0/1
10 0000.0c07.ac0a DYNAMIC Gi0/1
10 70ca.9b15.bfda DYNAMIC Gi0/1
11 0000.0c07.ac0b DYNAMIC Gi0/1
11 70ca.9b15.bfda DYNAMIC Gi0/1
12 0000.0c07.ac00 DYNAMIC Gi0/1
12 70ca.9b15.bfda DYNAMIC Gi0/1
13 0000.0c07.ac0d DYNAMIC Gi0/1
13 70ca.9b15.bfda DYNAMIC Gi0/1
Switch1
mac access-list extended Limit-HSRP
 deny   host 0000.0c07.ac0a any
 permit any any
interface GigabitEthernet1/0/3
 description connection to GCSSwVlan12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-31,50,80,100,200
 switchport mode trunk
 mac access-group Limit-HSRP in
Sw1#sh mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 0000.0c07.ac0a DYNAMIC Gi1/0/23
10 68bc.0cba.6909 DYNAMIC Gi1/0/3
10 70ca.9b15.bfda DYNAMIC Gi1/0/24
11 0000.0c07.ac0b DYNAMIC Gi1/0/23
11 68bc.0cba.6909 DYNAMIC Gi1/0/3
11 70ca.9b15.bfda DYNAMIC Gi1/0/24
12 0000.0c07.ac00 DYNAMIC Gi1/0/23
12 68bc.0cba.6909 DYNAMIC Gi1/0/3
12 70ca.9b15.bfda DYNAMIC Gi1/0/24
13 0000.0c07.ac0d DYNAMIC Gi1/0/23
13 68bc.0cba.6909 DYNAMIC Gi1/0/3
13 70ca.9b15.bfda DYNAMIC Gi1/0/24
05-07-2012 01:48 PM
I made the following changes and still get the same results! What am I doing wrong????
Switch1
mac access-list extended Limit-HSRP
 deny   any host 0000.0c07.ac0a
 permit any any
interface GigabitEthernet1/0/3
 description connection to GCSSwVlan12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-31,50,80,100,200
 switchport mode trunk
 mac access-group Limit-HSRP in
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 0000.0c07.ac0a DYNAMIC Gi1/0/23
Total Mac Addresses for this criterion: 1
SwitchVlan12
mac access-list extended Limit-HSRP
 deny   any host 0000.0c07.ac0a
 permit any any
interface GigabitEthernet0/1
 switchport mode trunk
 mac access-group Limit-HSRP in
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 0000.0c07.ac0a DYNAMIC Gi0/1
Total Mac Addresses for this criterion: 1
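A way to check a filter like the one in the posts above against `show mac address-table` output, as an added example that is not part of the original thread: it lists every HSRP version 1 virtual MAC (0000.0c07.acXX, where XX is the group number in hex) learned on a port and separates the ones the ACL names from the ones it does not. The sample text is constructed from the SwitchVlan12 output and ACL quoted above; the function names are this example's own.

```python
import re

# Constructed sample: rows from the SwitchVlan12 table and the ACL quoted in the post.
MAC_TABLE = """\
  50    0000.0c07.ac32    DYNAMIC     Gi0/1
  50    70ca.9b15.bfda    DYNAMIC     Gi0/1
  10    0000.0c07.ac0a    DYNAMIC     Gi0/1
  11    0000.0c07.ac0b    DYNAMIC     Gi0/1
  12    0000.0c07.ac00    DYNAMIC     Gi0/1
  13    0000.0c07.ac0d    DYNAMIC     Gi0/1
"""
ACL = """\
mac access-list extended Limit-HSRP
 deny   host 0000.0c07.ac0a any
 permit any any
"""

# HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex.
HSRP_V1 = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$")
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)
DENY = re.compile(r"^\s*deny\s+(?:any\s+)?host\s+([0-9a-f.]{14})", re.I)

def hsrp_entries(table_text):
    """Return (vlan, mac, hsrp_group, port) for each HSRPv1 virtual MAC in the table."""
    found = []
    for line in table_text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # header, separator or summary line
        vlan, mac, _type, port = row.groups()
        vmac = HSRP_V1.match(mac.lower())
        if vmac:
            found.append((int(vlan), mac.lower(), int(vmac.group(1), 16), port))
    return found

def denied_hosts(acl_text):
    """MACs named in 'deny host X any' or 'deny any host X' entries."""
    return {m.group(1).lower() for m in map(DENY.match, acl_text.splitlines()) if m}

def audit(table_text, acl_text, port):
    """Split HSRP MACs learned on `port` into (named by the ACL, not named by it)."""
    denied = denied_hosts(acl_text)
    on_port = [e for e in hsrp_entries(table_text) if e[3] == port]
    return ([e for e in on_port if e[1] in denied],
            [e for e in on_port if e[1] not in denied])

if __name__ == "__main__":
    named, unnamed = audit(MAC_TABLE, ACL, "Gi0/1")
    print("named by ACL but still learned:", named)
    print("HSRP MACs the ACL does not name:", unnamed)
```

An entry in the first list means frames with that source address are still being learned on the port despite the deny line; entries in the second list are HSRP groups the ACL never mentions.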