[c-nsp] mac filtering on SVI
MKS
rekordmeister at gmail.com
Tue Apr 3 08:02:34 EDT 2012
Hi
In a 7600, I have a trunk port, and one of the VLANs allowed on the
trunk is an SVI (routed L3 interface).
Now I would like to filter clients on this VLAN based on MAC addresses
(allow a certain range of addresses and block all others).
There is already an IP access-list on the L3 interface.
I have tried to just use a VACL, but it doesn't work (and probably isn't
supposed to). I can't use a PACL on the switchport since I only want to
filter this specific VLAN, not all other VLANs.
Can this be solved on the 7600?
Regards
Josef
config example:
interface GigabitEthernet3/3
 description test3
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 123,777
 switchport mode trunk
interface Vlan777
 ip address 61.61.61.1 255.255.255.0
 ip helper-address 1.1.1.1
 ip access-group 111 in
==========================
vacl test:
mac access-list ext filter
 permit 0001.aa00.0000 0000.00ff.ffff any
vlan access-map vlan_filter 10
 match mac address filter
 action forward
vlan filter vlan_filter vlan-list 777
======================
int g3/3
 mac access-group filter in