VLAN filtering with mac

Unanswered Question
Sep 13th, 2010
User Badges:

Hi,


I'm trying to filter a mac address on a vlan using VACL/VLAN access map but i can't get it working om my 4510R. None of the traffic from the host seems to be filtered.

I want to filter mac 001c.7ec8.e7b2 on vlan 11. Here's the configuration:


mac access-list extended abcdef
permit host 001c.7ec8.e7b2 any


vlan access-map block1 10
action drop
match mac address abcdef
vlan access-map block1 20
action forward


vlan filter block1 vlan-list 11


When i use this exact same config on a 3560 it works just fine.

When i use a ip acl instead of a mac acl the filtering for that particular ip address works


What could be te case? The ios ver of the 4515R is 12.2(53)SG.


thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 09/23/2010 - 10:54
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Dennis


Just a guess but could you reorder your first entry ie.


vlan access-map block1 10
action drop
match mac address abcdef


to


vlan access-map block1 10

match mac address abcdef

action drop


Jon

DennisV99_2 Thu, 09/23/2010 - 11:45
User Badges:

Hi Jon,


Allthough i did configure the match line before the action line it shows up the lines the other way around in de running-config. Strange huh?


Nevertheless the show vlan access-map command shows the correct config:


Vlan access-map "block1"  10
  Match clauses:
    mac address: abcdef
  Action:
    drop
Vlan access-map "block1"  20
  Match clauses:
  Action:
    forward

Actions

This Discussion