mac filter problem

Unanswered Question
Jul 8th, 2009
User Badges:

I want to filter mac address in specific vlan (vlan 100) , only specify mac able to go through gi 2/1 .

i configure the cisco 6509 as below,but it does't work . All mac can out and from the interface .


mac access-list extended ANY

permit any any

mac access-list extended VLAN100

permit host 0004.de53.8200 any

permit any host 0004.de53.8200

!

vlan access-map VLAN-MAP 10

match mac address VLAN100

action forward

vlan access-map VLAN-MAP 20

match mac address ANY

action drop

!

vlan filter VLAN-MAP vlan-list 100-100

!

interface GigabitEthernet2/1

switchport

switchport access vlan 100

switchport mode access

switchport nonegotiate

no ip address

no cdp enable

no mop enabled

spanning-tree bpdufilter enable

end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
liuguiqing Wed, 07/08/2009 - 01:18
User Badges:

can i use port-security ?

Gi 2/1

switchport

switchport access vlan 100

switchport mode access

switchport port-security maximum 200

switchport port-security violation restrict

switchport port-security mac-address sticky a.a.a.a

switchport port-security mac-address sticky b.b.b.b

!

Actions

This Discussion