noc
New Member

2948-L3 bridge-group input-address-list not working

When you configure a bridge-group (to make a 2948-L3 more like a switch) and try to allow only 1 MAC address per port, using the interface command,

2948-L3(Config-if)#bridge-group 10 input-address-list 701

(where 701 is a MAC address access list), it does not work. The only way I have been able to do this is to apply it to a software interface, like port-channel 1.

Can you apply these on a 2948-L3? (It of course works great on a router.)

What I need to do is port security (like a 3550) on a 2948-L3, where only 1 IT dept approved MAC can get on any FastEthernet port.

I apply the input-address-list and nothing is blocked. Any MAC can still transmit (security does not work). Please help!

bridge irb
!
interface FastEthernet1
 no ip address
 no ip directed-broadcast
 bridge-group 10
 bridge-group 10 input-address-list 701
 bridge-group 10 spanning-disabled
!
access-list 701 permit 0001.e69f.3015 0000.0000.0000
access-list 701 deny 0000.0000.0000 ffff.ffff.ffff
!
interface BVI10
 ip address 10.10.10.1 255.255.255.0
 no ip directed-broadcast
!
bridge 10 protocol ieee
bridge 10 route ip
bridge 10 priority 60000

Accepted Solutions
New Member

Re: 2948-L3 bridge-group input-address-list not working

Hi,

Catalyst 2948G L3 doesn't support data-plane access lists on its 48 10/100 ports. It supports only control-plane access lists on these ports. The 2 GBIC ports support data-plane access lists.

Control-plane access lists are access lists that can be implemented in software via the CPU. These access lists can be applied to any packets that are forwarded to the CPU such as routing updates and IPX RIPs and SAPs. Data-plane access lists are access lists that are applied to unicast packets between two hosts. These packets are switched in hardware and require specific hardware that is only resident on the two Gigabit Ethernet ports on the Catalyst 2948G-L3.

Please refer to the URL below for more details.

http://www.cisco.com/en/US/partner/products/hw/switches/ps606/products_qanda_item09186a0080092864.shtml
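
A configuration check based on the accepted answer, added here as an example (it is not from the thread or from Cisco): it finds every bridge-group input-address-list statement in a saved configuration and marks the ones on FastEthernet ports, where the answer says the filter is not applied to hardware-switched traffic. The FastEthernet1 stanza is the one from the question; the GigabitEthernet49 stanza and the function names are constructed for the example.

```python
import re

# Constructed sample. FastEthernet1 and access-list 701 are from the question;
# the GigabitEthernet49 stanza is invented here for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet1
 no ip address
 bridge-group 10
 bridge-group 10 input-address-list 701
 bridge-group 10 spanning-disabled
!
interface GigabitEthernet49
 no ip address
 bridge-group 10
 bridge-group 10 input-address-list 701
!
access-list 701 permit 0001.e69f.3015 0000.0000.0000
access-list 701 deny 0000.0000.0000 ffff.ffff.ffff
"""

IFACE = re.compile(r"^interface\s+(\S+)")
MAC_FILTER = re.compile(r"^\s*bridge-group\s+(\d+)\s+input-address-list\s+(\d+)\s*$")


def audit(config):
    """Return (interface, bridge_group, acl, enforced) for each MAC input filter."""
    findings, current = [], None
    for line in config.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)
        elif line.strip() == "!":
            current = None  # "!" closes the stanza, indented or not
        elif current and (m := MAC_FILTER.match(line)):
            # Assumption taken from the accepted answer: the 10/100 ports
            # have no hardware for data-plane access lists.
            enforced = not current.lower().startswith("fastethernet")
            findings.append((current, int(m.group(1)), int(m.group(2)), enforced))
    return findings


def unenforced(config):
    """Interfaces whose MAC filter is configured but not applied in hardware."""
    return [name for name, _, _, ok in audit(config) if not ok]


if __name__ == "__main__":
    for name, group, acl, ok in audit(SAMPLE_CONFIG):
        state = "enforced" if ok else "NOT enforced on the data plane"
        print(f"{name}: bridge-group {group} input-address-list {acl}: {state}")
```
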

noc
New Member

Re: 2948-L3 bridge-group input-address-list not working

Great answer! Thanks!
