[nsp] SNA/LLC2 filtering on Cat 6k

Rubens Kuhl Jr. rubens at email.com
Fri Jul 2 08:20:54 EDT 2004


Following on my own post, specific ethertype filtering can be done using
0x<ethertype>, not etype-<ethertype>, as in the following example (courtesy
of a local Cisco SE) :

mac access-list extended SNA
  permit any any 0x80d5
  deny   any any
!
!
vlan access-map SNA-VACL 10
 match mac address SNA
 action forward
!
vlan filter SNA-VACL vlan-list 100

This is only supported on Sup2 and Sup720, and only with Native IOS 12.2SX,
see
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/i1.htm#wp1197577


I still haven't confirmed that LLC2 SNA traffic uses ethertype 80d5...
tcpdump will be my friend on this one, I guess.


Rubens



----- Original Message ----- 
From: "Rubens Kuhl Jr." <rubens at email.com>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, June 22, 2004 3:50 PM
Subject: [nsp] SNA/LLC2 filtering on Cat 6k



Hi.

Is it possible to filter out SNA/LLC2 traffic with MAC access-lists on Cat
6k (Sup 720) ? The docs aren't clear if you can or cannot specify an
ethertype that is not listed (xns, lat etc.) as etype-80d5 (for instance),
and I couldn't figure out if LLC2 uses IANA-assigned SNA ethertype (0x80d5).



More information about the cisco-nsp mailing list