[c-nsp] PVLAN
Asbjorn Hojmark - Lists
lists at hojmark.org
Thu Jun 29 18:12:09 EDT 2006
> Remember that all these providers connect to me on the same
> vlan.
Why?
Change it to multiple routed interfaces (one per peer) and you
have full control. If, in the future, you want to allow them to
exchange traffic via you, set up a BGP policy to reflect that.
L3 is Good(TM).
Anyway, if you insist on filtering within a VLAN on the switch,
then you should look at VACLs (VLAN Access Control Lists, also
called VLAN access-maps). That's what they're for. And yes, you
can filter on MAC addresses.
-A
More information about the cisco-nsp
mailing list