[nsp] SNA/LLC2 filtering on Cat 6k
Rubens Kuhl Jr.
rubens at email.com
Fri Jul 2 08:20:54 EDT 2004
Following on my own post, specific ethertype filtering can be done using
0x<ethertype>, not etype-<ethertype>, as in the following example (courtesy
of a local Cisco SE) :
mac access-list extended SNA
permit any any 0x80d5
deny any any
!
!
vlan access-map SNA-VACL 10
match mac address SNA
action forward
!
vlan filter SNA-VACL vlan-list 100
This is only supported on Sup2 and Sup720, and only with Native IOS 12.2SX,
see
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/i1.htm#wp1197577
I still haven't confirmed that LLC2 SNA traffic uses ethertype 80d5...
tcpdump will be my friend on this one, I guess.
Rubens
----- Original Message -----
From: "Rubens Kuhl Jr." <rubens at email.com>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, June 22, 2004 3:50 PM
Subject: [nsp] SNA/LLC2 filtering on Cat 6k
Hi.
Is it possible to filter out SNA/LLC2 traffic with MAC access-lists on Cat
6k (Sup 720) ? The docs aren't clear if you can or cannot specify an
ethertype that is not listed (xns, lat etc.) as etype-80d5 (for instance),
and I couldn't figure out if LLC2 uses IANA-assigned SNA ethertype (0x80d5).
More information about the cisco-nsp
mailing list