[c-nsp] MAC ACL on CBS3020
Gert Doering
gert at greenie.muc.de
Sat Dec 27 11:00:40 EST 2014
Hi,
On Wed, Dec 24, 2014 at 03:36:39PM +0100, Lukas Tribus wrote:
> > ... and that did exactly nothing, as in "packets continue to flow" and
> > "show access-list hardware counter" shows exactly no "Drop" hits either.
>
> Iirc, at least on some platforms, mac access-list only match non-IP traffic. So when we are talking IP (or IPv6) traffic, you probably wanna try an actual IP access-list (an ipv6 access-list in this case).
No IPv6 access-list support on CBS3020...
> You may need to apply such ACLs to the vlan (via vlan-maps), not directly to the port.
>
> But this is very platform specific, so YMMV.
Very platform specific indeed, the CBS3020 doesn't *have* vlan-maps either :-(
*grumble*
Seems I need to try a more recent IOS version, and see if it works there
(Google wasn't helpful either).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20141227/c02a9cf5/attachment.sig>
More information about the cisco-nsp
mailing list