RE: [nsp] Access list 700 (IOS Bug??)

From: Steven Godfrey (steven.godfrey@intechnology.co.uk)
Date: Mon Mar 05 2001 - 05:08:29 EST


> -----Original Message-----
> From: Jeffrey Wacaser [mailto:jwacaser@thrupoint.net]
> Sent: Friday March 2001 23:35
> To: steven.godfrey@intechnology.co.uk
> Subject: Re: [nsp] Access list 700
>
>
> Do you have layer 3 addresses defined on the interface? I believe mac
> filters will only filter bridged traffic.

No, the 8540 is doing pure layer 2.
The interfaces are in a bridge group and have the output address list
applied.

> My only other thought would be to verify whether mask or wild card mask
> are what you need to specify. I can't remember which is correct.

You apply the mask in the access list as below, the config is copied from
the Cisco site and I have simply added my own mac addresses.

I have made the very same config work by adding a 3620 in between the hosts
I want to filter between and let the 3620 do the access list.
That worked?

What I want to achieve is that CUST1 and CUST2 will only be able to send
data to ADSM.
The access list permits only the one mac address and the mac broadcast to
allow the initial arp to work.

The set up was as follows:

                                   CUST2
                                  /
                                 /
Cust1---filter-brdg-------------8540
                                 \
                                  \
                                   ADSM

All I want to do is use the 8540 to do the filtering:
          CUST1
         /
       /
8540----ADSM
      \
       \
        CUST2

Any further input would be greatly appreciated.

Cheers.

> Steven Godfrey wrote:
>
> > Hi,
> > I have a problem with a Cisco 8540, I have applied an access list to
> > filter mac addresses.
> > Basically I need to allow access to one box only.
> >
> > I have the following config:
> >
> > bridge 1 protocol ieee
> >
> > access-list 700 permit c8a2.2541.0125 0000.0000.0000
> > access-list 700 permit FFFF.FFFF.FFFF 0000.0000.0000
> > access-list 700 deny 0000.0000.0000 FFFF.FFFF.FFFF
> >
> > on the interfaces I want to apply the filter I'm putting:
> >
> > bridge-group 1 output-address-list 700
> >
> > All the documentation I can find says this should work, but it does
> > not.
> >
> > I have tried this on several IOS versions but still get the same
> > result.
> >
> > Does anyone have any suggestions??
> >
> > Thanks in advance.
> >
> >
>
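
An added example, not part of the original messages: a small Python evaluator that runs the quoted access-list 700 against destination MAC addresses, to check offline what the three lines permit and what the mask-versus-wildcard question changes. It assumes the 700-series convention that a 1 bit in the mask means "ignore this bit" and that an unmatched address is denied; the address 0200.0000.0001 and all function names are constructed for the example.

```python
# Added example, not from the thread: first-match evaluation of the quoted list.
# Assumption: in a 700-series list a 1 bit in the mask means "ignore this bit",
# and a frame matching no entry is denied (implicit deny).
ALL_BITS = 0xFFFFFFFFFFFF

ACL_700 = """\
access-list 700 permit c8a2.2541.0125 0000.0000.0000
access-list 700 permit FFFF.FFFF.FFFF 0000.0000.0000
access-list 700 deny 0000.0000.0000 FFFF.FFFF.FFFF
"""

def mac_to_int(text):
    """Parse a MAC in dotted-triplet, colon or dash form into a 48-bit integer."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)

def parse_acl(config, number=700):
    """Return [(action, address, mask)] for the given list number, in order."""
    entries = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[:2] != ["access-list", str(number)]:
            continue
        if fields[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        entries.append((fields[2], mac_to_int(fields[3]), mac_to_int(fields[4])))
    return entries

def evaluate(entries, mac, wildcard=True):
    """Return (action, entry_number) of the first match, or ("deny", None).

    wildcard=False models the opposite reading (1 bit = must match), to show
    how differently the same three lines behave under it.
    """
    value = mac_to_int(mac)
    for index, (action, address, mask) in enumerate(entries, start=1):
        care = (~mask & ALL_BITS) if wildcard else mask
        if (value ^ address) & care == 0:
            return action, index
    return "deny", None

if __name__ == "__main__":
    acl = parse_acl(ACL_700)
    # 0200.0000.0001 is a constructed address standing in for any other host.
    for mac in ("c8a2.2541.0125", "ffff.ffff.ffff", "0200.0000.0001"):
        print(mac, evaluate(acl, mac), evaluate(acl, mac, wildcard=False))
```

Under the wildcard reading only the listed host and the broadcast address are permitted; under the opposite reading the first line alone would permit every address.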



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:30 EDT