Extended MAC access list WIFI-CLIENTS
    permit host 0027.1046.7350 any
    permit any host 0027.1046.7350
Any idea what's causing this?
Do I have to enable something global? (already tried "mls qos", "ip routing", "ip cef" - doesn't work either)
Do I need a special IOS?
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 07-Jun-05 23:34 by yenanh

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEA, RELEASE SOFTWARE (fc)

de-ipc-ulmdon-sw-01 uptime is 1 hour, 59 minutes
System returned to ROM by power-on
System image file is "flash:c3560-ipbase-mz.122-25.SEB2/c3560-ipbase-mz.122-25.SEB2.bin"

cisco WS-C3560-48PS (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
Processor board ID CAT0927N0ZF
Last reset from power-on
6 Virtual Ethernet interfaces
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:14:F2:59:41:00
Motherboard assembly number     : 73-9676-09
Power supply part number        : 341-0029-04
Motherboard serial number       : CAT09270EXJ
Power supply serial number      : DTH09247PAE
Model revision number           : L0
Motherboard revision number     : A0
Model number                    : WS-C3560-48PS-S
System serial number            : CAT0927N0ZF
SFP Module assembly part number : 73-7757-03
SFP Module revision Number      : A0
SFP Module serial number        : CAT09270ARR
Top Assembly Part Number        : 800-25859-03
Top Assembly Revision Number    : A0
Version ID                      : V04
CLEI Code Number                : CNMV3N0CRC
Hardware Board Revision Number  : 0x01

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   52     WS-C3560-48PS      12.2(25)SEB2            C3560-IPBASE-M
In the meantime I've done an IOS update to c3560-advipservicesk9-mz.122-44.SE6.bin. Now the router can accept both commands on the interface at the same time. But I still can't establish a working config (with or without mls qos).
I'm surprised that you're saying I shouldn't use both commands at the same time, because this is stated in the Cisco sample:
I also tried a match-any IP ACL (second policy term to set dscp af11), but also no change with that. I can't see any marked packets on the output interface either. In the "show mls qos int" output I can see that the policy is bound to the interface:
show mls qos int f0/5

FastEthernet0/5
Attached policy-map for Ingress: WIFI-CLIENTS
trust state: trust cos
trust mode: trust cos
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
Maybe I'm moving in a completely wrong direction, so I want to explain the purpose of what I'm doing:
On the switchport FastEthernet0/5 I have an access point (sadly not from Cisco and without QoS or VLAN capabilities). I have two user groups using this AP. The first group is guests or lab users. They can have full-speed VPN access or very limited internet access. The policing is done on the internet gateway by matching the DSCP set by the default gateway of the clients. The second group is standard employees, who should get full internet access. To simplify administration (on the router and the client side) both user groups get DHCP addresses from the same network. Because of that I have to use a MAC filter to separate them. Because VLAN advertising by MAC won't work when there are multiple clients on one switchport, I think the separation can only be done by setting different DSCP values on the switch, based on the MAC ACL.
But even if there is another way I haven't thought about yet, I now want to see how this one will work.