09-13-2010 01:10 AM - edited 03-06-2019 12:56 PM
Hi,
I'm trying to filter a mac address on a vlan using VACL/VLAN access map but i can't get it working om my 4510R. None of the traffic from the host seems to be filtered.
I want to filter mac 001c.7ec8.e7b2 on vlan 11. Here's the configuration:
mac access-list extended abcdef
permit host 001c.7ec8.e7b2 any
vlan access-map block1 10
action drop
match mac address abcdef
vlan access-map block1 20
action forward
vlan filter block1 vlan-list 11
When i use this exact same config on a 3560 it works just fine.
When i use a ip acl instead of a mac acl the filtering for that particular ip address works
What could be te case? The ios ver of the 4515R is 12.2(53)SG.
thanks
09-23-2010 10:21 AM
Anyone?
09-23-2010 10:54 AM
Dennis
Just a guess but could you reorder your first entry ie.
vlan access-map block1 10
action drop
match mac address abcdef
to
vlan access-map block1 10
match mac address abcdef
action drop
Jon
09-23-2010 11:45 AM
Hi Jon,
Allthough i did configure the match line before the action line it shows up the lines the other way around in de running-config. Strange huh?
Nevertheless the show vlan access-map command shows the correct config:
Vlan access-map "block1" 10
Match clauses:
mac address: abcdef
Action:
drop
Vlan access-map "block1" 20
Match clauses:
Action:
forward
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide