Cisco Support Community

vlan filter ?

I have a router connected to a 3550 switch. The router is in vlan 55. I want to limit communication on vlan 55 to the MAC addresses of the router's E0 int (0000.0c0a.38c4) and the MAC address of the switch (000d.29ce.0180).

I have the following config:

mac access-list extended R1_mac
 permit host 000d.29ce.0180 host 0000.0c0a.38c4
 permit host 0000.0c0a.38c4 host 000d.29ce.0180
 permit any host ffff.ffff.ffff
vlan access-map restrict_vlan55_0000.0c0a.38c4 10
 action forward
 match mac address R1_mac
vlan access-map restrict_vlan55_0000.0c0a.38c4 20
 action drop
vlan filter restrict_vlan55_0000.0c0a.38c4 vlan-list 55

When I attempt to ping from the switch to the router interface I get timed out.

If I remove the vlan filter pings are good.

I have monitored the switch port connected to vlan 55 and can see my ARP request getting a response. I can also see the echo request and reply packets. However, the vlan filter still appears to be blocking the ICMP response packet.

Any ideas ?

Re: vlan filter ?

MAC extended ACLs are only for non-IP traffic.

"Use the mac access-list extended global configuration command to create an access list based on MAC addresses for non-IP traffic."

Use a normal IP ext. ACL.
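
The fix the reply describes, written out as an added example (not part of the original thread): the VLAN map keeps the MAC ACL for non-IP frames such as ARP and gains an entry that matches an IP extended ACL, so the ICMP packets no longer fall through to the final drop entry. The ACL name R1_ip and the addresses 192.0.2.1 (router E0) and 192.0.2.2 (switch interface in vlan 55) are placeholders, because the thread does not give the IP addresses.

```cisco
! Non-IP traffic (ARP and other non-IP frames): unchanged from the question.
mac access-list extended R1_mac
 permit host 000d.29ce.0180 host 0000.0c0a.38c4
 permit host 0000.0c0a.38c4 host 000d.29ce.0180
 permit any host ffff.ffff.ffff
!
! IP traffic between the two hosts. R1_ip is a hypothetical name and
! 192.0.2.1 / 192.0.2.2 are placeholder addresses: substitute the real
! addresses of the router E0 interface and the switch in vlan 55.
ip access-list extended R1_ip
 permit ip host 192.0.2.1 host 192.0.2.2
 permit ip host 192.0.2.2 host 192.0.2.1
!
! Entry 10: forward non-IP frames that match the MAC ACL.
vlan access-map restrict_vlan55_0000.0c0a.38c4 10
 match mac address R1_mac
 action forward
!
! Entry 15: forward IP packets that match the IP ACL.
! A MAC ACL is never consulted for IP packets, so without this entry
! every IP packet (including the ICMP echo) reaches entry 20.
vlan access-map restrict_vlan55_0000.0c0a.38c4 15
 match ip address R1_ip
 action forward
!
! Entry 20: no match clause, so it drops everything not forwarded above.
vlan access-map restrict_vlan55_0000.0c0a.38c4 20
 action drop
!
vlan filter restrict_vlan55_0000.0c0a.38c4 vlan-list 55
```

`show vlan access-map` and `show vlan filter` display the resulting entries and the VLANs the map is applied to.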
