VLAN filtering not working as expected

Unanswered Question

I am trying to kill off some NETBIOS traffic within a VLAN with a VLAN filter map so it doesn't keep filling up my logs when it fails against the inbound ACL on the VLAN interface, but it is not working as I expect it to (and my other VLAN filter maps are).

I am working with VLAN 4, so I have:

interface Vlan4
 description Console and Management Traffic
 ip address 172.17.0.97 255.255.255.224
 ip access-group Console_NetIn in
 ip access-group Console_NetOut out
end

My IP Access-list:

Extended IP access list NetBiosMap
    10 permit udp host 172.17.0.98 host 172.17.0.127 range 127 128
    20 permit udp host 172.17.0.98 eq 127 any
    30 permit udp host 172.17.0.98 eq 128 any

My Vlan Access-map:

vlan access-map Filter_VL4 10
 action drop
 match ip address NetBiosMap
vlan access-map Filter_VL4 20
 action forward

Applied:

vlan filter Filter_VL4 vlan-list 4

Verify:

VLAN Map Filter_VL4 is filtering VLANs:
  4

--------------- but -----------

I keep getting:

Feb 4 13:56:34: %SEC-6-IPACCESSLOGP: list Console_NetIn denied udp 172.17.0.98(138) -> 172.17.0.127(138), 1 packet

ARGH! Help?
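
Added example, not part of the original post: a small Python check that evaluates the logged packet against the NetBiosMap entries quoted above, to see whether the drop clause of Filter_VL4 can ever match it. It handles only the host/any operands and eq/range port operators that appear in the post; the function names are this example's own.

```python
import re

# Copied from the post: the ACL the VLAN map matches on, and the logged deny.
ACES = [
    "10 permit udp host 172.17.0.98 host 172.17.0.127 range 127 128",
    "20 permit udp host 172.17.0.98 eq 127 any",
    "30 permit udp host 172.17.0.98 eq 128 any",
]
LOG = ("Feb 4 13:56:34: %SEC-6-IPACCESSLOGP: list Console_NetIn denied udp "
       "172.17.0.98(138) -> 172.17.0.127(138), 1 packet")
LOG_RE = re.compile(r"(?:permitted|denied) (\w+) ([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)")

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; None stands for any address."""
    kind = tok.pop(0)
    if kind not in ("any", "host"):
        raise ValueError("only 'any' and 'host' operands are handled: " + kind)
    return None if kind == "any" else tok.pop(0)

def _ports(tok):
    """Consume an optional 'eq N' or 'range A B'; return (low, high) or None."""
    if tok[:1] == ["eq"]:
        _, n = tok.pop(0), int(tok.pop(0))
        return (n, n)
    if tok[:1] == ["range"]:
        _, low, high = tok.pop(0), int(tok.pop(0)), int(tok.pop(0))
        return (low, high)
    return None

def parse_ace(line):
    tok = line.split()
    ace = {"seq": int(tok.pop(0)), "action": tok.pop(0), "proto": tok.pop(0)}
    ace["src"], ace["sport"] = _addr(tok), _ports(tok)   # source, source port
    ace["dst"], ace["dport"] = _addr(tok), _ports(tok)   # destination, dest port
    return ace

def parse_log(line):
    proto, src, sport, dst, dport = LOG_RE.search(line).groups()
    return {"proto": proto, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}

def first_match(aces, pkt):
    """Return the sequence number of the first ACE matching pkt, else None."""
    in_range = lambda rng, port: rng is None or rng[0] <= port <= rng[1]
    for ace in map(parse_ace, aces):
        if (ace["proto"] == pkt["proto"]
                and ace["src"] in (None, pkt["src"]) and ace["dst"] in (None, pkt["dst"])
                and in_range(ace["sport"], pkt["sport"])
                and in_range(ace["dport"], pkt["dport"])):
            return ace["seq"]
    return None
```

For the packet in the log, first_match(ACES, parse_log(LOG)) returns None: both ports are 138, while the NetBiosMap entries match only ports 127 and 128, so the drop clause (sequence 10) never applies and sequence 20 forwards the packet on to the Console_NetIn ACL.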
