VLAN filtering with mac

dennisv99 · ‎09-13-2010

Hi,

I'm trying to filter a mac address on a vlan using VACL/VLAN access map but i can't get it working om my 4510R. None of the traffic from the host seems to be filtered.

I want to filter mac 001c.7ec8.e7b2 on vlan 11. Here's the configuration:

mac access-list extended abcdef
permit host 001c.7ec8.e7b2 any

vlan access-map block1 10
action drop
match mac address abcdef
vlan access-map block1 20
action forward

vlan filter block1 vlan-list 11

When i use this exact same config on a 3560 it works just fine.

When i use a ip acl instead of a mac acl the filtering for that particular ip address works

What could be te case? The ios ver of the 4515R is 12.2(53)SG.

thanks

dennisv99 · ‎09-23-2010

Anyone?

Jon Marshall · ‎09-23-2010

Dennis

Just a guess but could you reorder your first entry ie.

vlan access-map block1 10
action drop
match mac address abcdef

to

vlan access-map block1 10

match mac address abcdef

action drop

Jon

dennisv99 · ‎09-23-2010

Hi Jon,

Allthough i did configure the match line before the action line it shows up the lines the other way around in de running-config. Strange huh?

Nevertheless the show vlan access-map command shows the correct config:

Vlan access-map "block1" 10
Match clauses:
    mac address: abcdef
Action:
    drop
Vlan access-map "block1" 20
Match clauses:
Action:
    forward