[c-nsp] VACL does not work on 6509
Vikas Sharma
vikassharmas at gmail.com
Fri Jun 9 10:15:48 EDT 2006
Hi,
I have configured VACL on 3500 switch and it was working fine. The same
configuration when I have applied to 6509, it did not accepted. After the
statement "vlan access-map deny_spurious 20" and action "forward" in 6509 it
askes for match command (it removes the valn access-map deny_spurious 20
automatically stating no match command found after ctrl +Z) while in 3500
switch it accept it. any clue??
Pls find the 3552 configuration attached..it does not work on 6509 (for
VACL)
sh runn
Building configuration...
Current configuration : 2910 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ts
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
--More-- ��������� ���������spanning-tree extend system-id
!
!
vlan access-map deny_spurious 10
action drop
match ip address 185
vlan access-map deny_spurious 20
action forward
vlan internal allocation policy ascending
!
vlan filter deny_spurious vlan-list 200
!
vlan 10,20-21,100,200
!
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 200
--More-- ��������� ��������� switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/9
--More-- ��������� ��������� switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
--More-- ��������� ���������interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
--More-- ��������� ���������!
interface Vlan1
no ip address
!
interface Vlan200
ip address 192.168.1.1 255.255.255.0
!
ip classless
ip http server
!
!
access-list 185 permit tcp any any eq 135
access-list 185 permit tcp any any eq 136
access-list 185 permit tcp any any eq 137
access-list 185 permit tcp any any eq 138
access-list 185 permit tcp any any eq 139
access-list 185 permit udp any any eq 135
access-list 185 permit udp any any eq 136
access-list 185 permit udp any any eq netbios-ns
access-list 185 permit udp any any eq netbios-dgm
access-list 185 permit udp any any eq netbios-ss
access-list 185 permit udp any any eq 445
access-list 185 permit tcp any any eq 445
--More-- ��������� ���������!
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
!
monitor session 1 source interface Gi1/0/10
monitor session 1 destination interface Gi1/0/24
!
end
Switch#
More information about the cisco-nsp
mailing list