05-04-2008 11:48 AM - edited 03-05-2019 10:45 PM
Catalyst 3650 (IOS 12.2(25)SEE2) as a L2 switch.
I want to block all L2 traffic between two MAC addresses.
One MAC is an IP-Phone and the other MAC is the local Voice Gateway. IP-Phone and Voice-Gateway are both in VLAN 10. Both MACs are attached via VLAN Trunks:
!
interface FastEthernet0/34
 description IP-Phone
 switchport access vlan 50
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 10
 mls qos trust dscp
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description Voice-Gateway
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
!
MAC addresses are taken from mac-address-table and double-checked ;-)
I set up a VLAN filter as described in:
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml
sw05(config)#mac access-list extended srst
sw05(config-ext-macl)#permit host 0090.0b08.0507 host 001a.2f80.33cd
sw05(config-ext-macl)#exit
sw05(config)#vlan access-map block-srst
sw05(config-access-map)#action drop
sw05(config-access-map)#match mac address srst
sw05(config-access-map)#exit
sw05(config)#vlan access-map block-srst 20
sw05(config-access-map)#action forward
sw05(config-access-map)#exit
sw05(config)#do sh vlan access-map
Vlan access-map "block-srst" 10
Match clauses:
mac address: srst
Action:
drop
Vlan access-map "block-srst" 20
Match clauses:
Action:
forward
sw05(config)#
sw05(config)#vlan filter block-srst vlan-list 10
sw05(config)#
But this filter doesn't work.
Do you have any ideas?
05-04-2008 01:12 PM
It works!
You only have to add a second entry in the ACL and have a little patience.
I have modified the ACL for matching both directions:
!
mac access-list extended srst
 permit host 0090.0b08.0507 host 001a.2f80.33cd
 permit host 001a.2f80.33cd host 0090.0b08.0507
!
You have to save the configuration (wr) and wait for approx. 5 minutes. Then it works. Clearing the mac-address-table may help...
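An added example, not part of either post and not Cisco tooling: each `permit host A host B` entry in a MAC ACL matches frames with source A and destination B only, which is why the reply adds the reverse entry. The Python check below flags host pairs in a drop-mapped MAC ACL that lack that reverse entry; the function names are hypothetical and the config excerpts are constructed from the thread.

```python
import re

# Constructed inputs: the config as first posted, then with the reply's reverse entry.
SAMPLE_CONFIG = """\
mac access-list extended srst
 permit host 0090.0b08.0507 host 001a.2f80.33cd
!
vlan access-map block-srst 10
 action drop
 match mac address srst
vlan access-map block-srst 20
 action forward
"""
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "33cd\n!", "33cd\n permit host 001a.2f80.33cd host 0090.0b08.0507\n!")
HOST_PAIR = re.compile(r"permit\s+host\s+(\S+)\s+host\s+(\S+)")

def parse_mac_acls(config):
    """Map each named MAC ACL to its set of (source, destination) host pairs."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        header = re.match(r"mac access-list extended\s+(\S+)", line)
        pair = HOST_PAIR.match(line)
        if header:
            current = header.group(1)
        elif current and pair:
            acls.setdefault(current, set()).add(tuple(g.lower() for g in pair.groups()))
        elif not line.startswith(("permit", "deny", "remark")):
            current = None  # any other command leaves ACL configuration mode
    return acls

def drop_acls(config):
    """Names of MAC ACLs matched by a VLAN access-map sequence with 'action drop'."""
    names, action, matched = set(), None, []
    for line in map(str.strip, config.splitlines() + ["!"]):  # "!" flushes the last sequence
        if line.startswith("action "):
            action = line.split()[1]
        elif line.startswith("match mac address "):
            matched += line.split()[3:]
        else:  # a new sequence or any other command closes the current one
            if action == "drop":
                names.update(matched)
            action, matched = None, []
    return names

def one_way_drops(config):
    """Return sorted (acl, src, dst) entries that are dropped with no reverse entry."""
    acls = parse_mac_acls(config)
    return sorted((name, s, d) for name in drop_acls(config)
                  for s, d in acls.get(name, set()) if (d, s) not in acls[name])
```

Calling `one_way_drops()` on a saved running-config returns an empty list when every dropped host pair is covered in both directions.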