Calalyst 3650 (IOS 12.2(25)SEE2) as a L2 switch.

I want to block all L2 traffic between two MAC addresses.

One MAC is a IP-Phone and the other MAC is the local Voice Gateway. IP-Phone and Voice-Gateway are both in VLAN 10. Both MACs are attached via VLAN Trunks:

!

interface FastEthernet0/34

description IP-Phone

switchport access vlan 50

switchport mode access

switchport nonegotiate

switchport voice vlan 10

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/1

description Voice-Gateway

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

!

MAC addresses are taken from mac-address-table and double-checked;-)

I set up a VLAN filter as described in:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_exampl

e09186a0080470c39.shtml

sw05(config)#mac access-list extended srst

sw05(config-ext-macl)#permit host 0090.0b08.0507 host 001a.2f80.33cd

sw05(config-ext-macl)#exit

sw05(config)#vlan access-map block-srst

sw05(config-access-map)#action drop

sw05(config-access-map)#match mac address srst

sw05(config-access-map)#exit

sw05(config)#vlan access-map block-srst 20

sw05(config-access-map)#action forward

sw05(config-access-map)#exit

sw05(config)#do sh vlan access-map

Vlan access-map "block-srst" 10

Match clauses:

mac address: srst

Action:

drop

Vlan access-map "block-srst" 20

Match clauses:

Action:

forward

sw05(config)#

sw05(config)#vlan filter block-srst vlan-list 10

sw05(config)#

But this filter doesn't work.

Do you have any ideas?