VLAN filtering with mac

Unanswered Question
Sep 13th, 2010

Hi,

I'm trying to filter a mac address on a vlan using VACL/VLAN access map but i can't get it working om my 4510R. None of the traffic from the host seems to be filtered.

I want to filter mac 001c.7ec8.e7b2 on vlan 11. Here's the configuration:

mac access-list extended abcdef
permit host 001c.7ec8.e7b2 any

vlan access-map block1 10
action drop
match mac address abcdef
vlan access-map block1 20
action forward

vlan filter block1 vlan-list 11

When i use this exact same config on a 3560 it works just fine.

When i use a ip acl instead of a mac acl the filtering for that particular ip address works

What could be te case? The ios ver of the 4515R is 12.2(53)SG.

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 09/23/2010 - 10:54

Dennis

Just a guess but could you reorder your first entry ie.

vlan access-map block1 10
action drop
match mac address abcdef

to

vlan access-map block1 10

match mac address abcdef

action drop

Jon

DennisV99_2 Thu, 09/23/2010 - 11:45

Hi Jon,

Allthough i did configure the match line before the action line it shows up the lines the other way around in de running-config. Strange huh?

Nevertheless the show vlan access-map command shows the correct config:

Vlan access-map "block1"  10
  Match clauses:
    mac address: abcdef
  Action:
    drop
Vlan access-map "block1"  20
  Match clauses:
  Action:
    forward

Actions

This Discussion