VLAN filtering not working as expected

Unanswered Question

I am trying to kill off some NETBIOS traffic within a VLAN with a VLAN filter map so it doesn't keep filling up my logs when it fails against the inbound ACL on the VLAN interface, but it is not working as I expect it to (and my other VLAN filter maps are).


I am working with VLAN 4, so I have:

interface Vlan4
 description Console and Management Traffic
 ip address 172.17.0.97 255.255.255.224
 ip access-group Console_NetIn in
 ip access-group Console_NetOut out
end


My IP Access-list:

Extended IP access list NetBiosMap
    10 permit udp host 172.17.0.98 host 172.17.0.127 range 127 128
    20 permit udp host 172.17.0.98 eq 127 any
    30 permit udp host 172.17.0.98 eq 128 any


My Vlan Access-map:

vlan access-map Filter_VL4 10
 action drop
 match ip address NetBiosMap
vlan access-map Filter_VL4 20
 action forward


Applied:

vlan filter Filter_VL4 vlan-list 4


Verify:

VLAN Map Filter_VL4 is filtering VLANs:
  4

--------------- but -----------


I keep getting:

Feb 4 13:56:34: %SEC-6-IPACCESSLOGP: list Console_NetIn denied udp 172.17.0.98(138) -> 172.17.0.127(138), 1 packet


ARGH! Help?

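An added example, not part of the original post: a Python check that parses the NetBiosMap entries and the log line exactly as posted and reports which entry, if any, the logged flow matches. The function names are my own, and only the `host`/`any` and `eq`/`range` forms used in the post are handled.

```python
import re

# ACL entries and log line exactly as posted in the question.
ACL = """\
10 permit udp host 172.17.0.98 host 172.17.0.127 range 127 128
20 permit udp host 172.17.0.98 eq 127 any
30 permit udp host 172.17.0.98 eq 128 any
"""
LOG = ("Feb 4 13:56:34: %SEC-6-IPACCESSLOGP: list Console_NetIn denied udp "
       "172.17.0.98(138) -> 172.17.0.127(138), 1 packet")

def take_addr(tok):
    # Consume 'any' or 'host A.B.C.D', the only address forms used in the post.
    if tok[0] not in ("any", "host"):
        raise ValueError(f"unsupported address form: {tok[0]}")
    return (None, tok[1:]) if tok[0] == "any" else (tok[1], tok[2:])

def take_ports(tok):
    # Consume an optional 'eq N' or 'range LO HI'; return inclusive (lo, hi) or None.
    if tok[:1] == ["eq"]:
        return (int(tok[1]), int(tok[1])), tok[2:]
    if tok[:1] == ["range"]:
        return (int(tok[1]), int(tok[2])), tok[3:]
    return None, tok

def parse_ace(line):
    seq, action, proto, *tok = line.split()
    src, tok = take_addr(tok)
    sport, tok = take_ports(tok)
    dst, tok = take_addr(tok)
    dport, tok = take_ports(tok)
    return dict(seq=int(seq), proto=proto, src=src, sport=sport, dst=dst, dport=dport)

def parse_log(line):
    m = re.search(r"denied (\w+) ([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)", line)
    return dict(zip(("proto", "src", "sport", "dst", "dport"), m.groups()))

def first_matching_seq(aces, pkt):
    for a in aces:
        if (a["proto"] == pkt["proto"]
                and a["src"] in (None, pkt["src"]) and a["dst"] in (None, pkt["dst"])
                and (a["sport"] is None or a["sport"][0] <= int(pkt["sport"]) <= a["sport"][1])
                and (a["dport"] is None or a["dport"][0] <= int(pkt["dport"]) <= a["dport"][1])):
            return a["seq"]
    return None

def vacl_hit(acl_text=ACL, log_line=LOG):
    aces = [parse_ace(l) for l in acl_text.splitlines() if l.strip()]
    return first_matching_seq(aces, parse_log(log_line))
```

`vacl_hit()` returns `None` for the posted log line: the flow uses UDP port 138 on both sides, while every NetBiosMap entry tests for 127 or 128, so the packet skips map sequence 10, is forwarded by sequence 20, and still reaches Console_NetIn on interface Vlan4.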
Giuseppe Larosa Wed, 02/04/2009 - 12:14