[c-nsp] I can't seem to get this 3750 to properly filter IPv6 on a VLAN ACL.

Klaus Kastens kka at netuse.de
Wed Apr 25 16:46:30 EDT 2012


Hi Paul,

> > mac access-list extended macl-ipv6
> >  deny   any any 0x86DD 0x0
> >  permit any any

IRC MAC ACLs on CAT2K/3K (12.2SE) only match "non-IP" traffic.
IPv4 packets match only in the IP ACL,
IPv6 packets match only in the IPv6 ACL.

So even with a "deny any any" in the MAC ACL IPv4 and IPv6 packets
won't be blocked. (IPv4 won't work because ARP will match under non-IP)


 Best regards,
 Klaus Kastens

-- 
Klaus Kastens                                               NetUSE AG
Dr.-Hell-Str. 6, D-24107 Kiel,                                Germany
Fon: +49 431 2390 400 (07:00 UTC - 17:00 UTC)
Fax: +49 431 2390 499











Vorstand: Dr. Joerg Posewang (Vorsitz), Dr. Roland Kaltefleiter, Andreas Seeger
Aufsichtsrat: Dr. Dirk Lukas (Vorsitz)
Sitz der AG: Kiel, HRB 5358 USt.ID: DE156073942

Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte Informationen.
Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der
enthaltenen Informationen ist nicht gestattet.

The information contained in this message is confidential or protected by
law. Any unauthorised copying of this message or unauthorised distribution
of the information contained herein is prohibited.



More information about the cisco-nsp mailing list