I wanted to stop communication between PC1 & PC2, where PC1 is in VLAN 10 and PC2 is in VLAN 20, and applied the following configuration:
mac access-list extended MAC_FILTER
permit host <mac of PC1> host <mac of PC2>
vlan access-map FILTER_MAP 10
match mac address MAC_FILTER
vlan access-map FILTER_MAP 20
and then applied this filter on VLAN 10:
vlan filter FILTER_MAP vlan-list 10
The communication between PC1 & PC2 does not stop with this configuration; what is wrong with this configuration?
This configuration was applied on a Catalyst 4500 with Sup 6L-E, and both PCs are connected directly to the Cat 4500.
Have you tried Private VLANs?
With a Private VLAN the main VLAN (Primary) can be logically associated with a special unidirectional, or secondary, VLAN. Hosts associated with a secondary VLAN can communicate with ports on the primary VLAN but not with another secondary VLAN. So you need to configure the two ports that you want to isolate in a private VLAN (secondary) and then configure the trunk port as primary...
You can find more info here: http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml#private_vlans
Hope this can help,
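The Private VLAN arrangement described in this reply, as an added configuration sketch that is not part of the original post. The VLAN IDs (100 primary, 101 isolated) and interface names are hypothetical, and it assumes both PCs are moved into the same primary VLAN and subnet, with the uplink acting as the promiscuous port.

```cisco
! Added example; VLAN IDs and interface names are hypothetical.
! Private VLANs require VTP transparent mode (or VTPv3).
vtp mode transparent
!
! Secondary VLAN: isolated ports cannot exchange frames with each other.
vlan 101
 private-vlan isolated
!
! Primary VLAN, associated with the isolated secondary VLAN.
vlan 100
 private-vlan primary
 private-vlan association 101
!
! PC1 port: host port in the isolated secondary VLAN.
interface GigabitEthernet2/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! PC2 port: same isolated VLAN, so it cannot reach PC1 at layer 2.
interface GigabitEthernet2/2
 switchport mode private-vlan host
 switchport private-vlan host-association 100 101
!
! Uplink/gateway port: promiscuous, reachable from both host ports.
interface GigabitEthernet2/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 101
!
! Verify from exec mode with:
!   show vlan private-vlan
!   show interfaces GigabitEthernet2/1 switchport
```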
You had it right; you just applied the filter to the wrong VLAN:
vlan filter FILTER_MAP vlan-list 10 (change to) vlan filter FILTER_MAP vlan-list 20
Look at your statements, "I wanted to stop communication between PC1 & PC2 where PC1 is in VLAN 10 and PC2 is in VLAN 20 and applied the following configuration."
You applied the filter to the source of the traffic; the destination does not reside in that VLAN.
Hope that helps.