621 Views, 5 Helpful, 1 Reply

vlan filter?

philth_123_2
Level 1

I have a router connected to a 3550 switch. The router is in VLAN 55. I want to limit communication on VLAN 55 to the MAC address of the router's E0 interface (0000.0c0a.38c4) and the MAC address of the switch (000d.29ce.0180).

I have the following config:

! MAC ACL: switch <-> router unicast in both directions, plus frames to the broadcast MAC
mac access-list extended R1_mac
 permit host 000d.29ce.0180 host 0000.0c0a.38c4
 permit host 0000.0c0a.38c4 host 000d.29ce.0180
 permit any host ffff.ffff.ffff
!
! VLAN map: sequence 10 forwards frames matching R1_mac, sequence 20 drops everything else
vlan access-map restrict_vlan55_0000.0c0a.38c4 10
 action forward
 match mac address R1_mac
vlan access-map restrict_vlan55_0000.0c0a.38c4 20
 action drop
!
! Apply the map to VLAN 55
vlan filter restrict_vlan55_0000.0c0a.38c4 vlan-list 55

When I attempt to ping from the switch to the router interface, the ping times out.

If I remove the VLAN filter, pings are good.

I have monitored the switch port connected to VLAN 55 and can see my ARP request getting a response. I can also see the echo request and reply packets. However, the VLAN filter still appears to be blocking the ICMP response packet.

Any ideas?

1 Reply

srue
Level 7

MAC extended ACLs are only for non-IP traffic.

"Use the mac access-list extended global configuration command to create an access list based on MAC addresses for non-IP traffic."

Use a normal IP extended ACL.
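One way to apply that advice, as an added example that is not part of the original thread: the MAC ACL stays in place for the non-IP traffic (the ARP exchange the switch and router need), an IP extended ACL is added for the IP traffic between the two endpoints, and the final drop entry remains so everything else on the VLAN is discarded. The IP addresses 10.55.0.1 (router) and 10.55.0.2 (switch) are assumptions for illustration; the MAC addresses and the map name are the ones from the original post.

```cisco
! Non-IP traffic: unicast ARP between the two known MACs, plus broadcast ARP requests
mac access-list extended R1_mac
 permit host 000d.29ce.0180 host 0000.0c0a.38c4
 permit host 0000.0c0a.38c4 host 000d.29ce.0180
 permit any host ffff.ffff.ffff
!
! IP traffic between the router and the switch SVI (addresses assumed for this example)
ip access-list extended R1_ip
 permit ip host 10.55.0.2 host 10.55.0.1
 permit ip host 10.55.0.1 host 10.55.0.2
!
! Sequence 10 forwards non-IP frames matching R1_mac, sequence 20 forwards IP
! packets matching R1_ip, sequence 30 drops everything else on the VLAN
vlan access-map restrict_vlan55_0000.0c0a.38c4 10
 action forward
 match mac address R1_mac
vlan access-map restrict_vlan55_0000.0c0a.38c4 20
 action forward
 match ip address R1_ip
vlan access-map restrict_vlan55_0000.0c0a.38c4 30
 action drop
!
vlan filter restrict_vlan55_0000.0c0a.38c4 vlan-list 55
```

Check the result with `show vlan access-map restrict_vlan55_0000.0c0a.38c4` and `show vlan filter`. Two caveats: the VACL entries in a map are evaluated against the packet type, so an IP packet is never matched by the MAC clause and falls through to the next sequence, which is why the original map dropped the ICMP reply; and sequence 30 also drops IP broadcasts (DHCP, for example) from any other host on VLAN 55, so each additional host that must use the VLAN needs its own entries in both ACLs.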