[c-nsp] MAC ACL on CBS3020

Gert Doering gert at greenie.muc.de
Sat Dec 27 11:00:40 EST 2014


On Wed, Dec 24, 2014 at 03:36:39PM +0100, Lukas Tribus wrote:
> > ... and that did exactly nothing, as in "packets continue to flow" and
> > "show access-list hardware counter" shows exactly no "Drop" hits either.
> Iirc, at least on some platforms, mac access-list only match non-IP traffic. So when we are talking IP (or IPv6) traffic, you probably wanna try an actual IP access-list (an ipv6 access-list in this case).

No IPv6 access-list support on CBS3020...

> You may need to apply such ACLs to the vlan (via vlan-maps), not directly to the port.
> But this is very platform specific, so YMMV.

Very platform specific indeed, the CBS3020 doesn't *have* vlan-maps either :-(


Seems I need to try a more recent IOS version, and see if it works there
(Google wasn't helpful either).


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20141227/c02a9cf5/attachment.sig>

More information about the cisco-nsp mailing list