[c-nsp] Allow only PPPoE packets on specific vlans
Alexander Moskalenko
alex at teleportsv.net
Thu Sep 8 03:54:12 EDT 2005
Joe Maimon wrote:
> The below has worked for me in the past, mostly used on routers acting
> as NAS's
>
> #sh access-lists 201
> Type code access list 201
> permit 0x8864 0x0000
> permit 0x8863 0x0000
>
>
I tried this on Catalyst 3550
mac access-list extended PPPoE
permit any any 0x8863 0x0
permit any any 0x8864 0x0
deny any any
vlan access-map PPPoE 10
action forward
match mac address PPPoE
vlan access-map PPPoE 20
action drop
vlan filter PPPoE vlan-list x,y,z,w
First i applied it on 1 switch all was good. Then i started to apply it
to all others and when i configured the 5-th i lost ALL network.
Only vlan where control interfaces of catalysts worked.
More information about the cisco-nsp
mailing list