Cisco Support Community
Community Member

VACL on 6509 not active

I have a MAC-controlled VACL configured on an active VLAN interface; however, the VACL will not go active until I add an IP access-list. I want to filter bridged traffic within the VLAN. What is wrong?

mac access-list extended mediaserver
 permit any host 0002.554f.e693
 permit any host 0009.6bce.417a
 permit any host 0009.6bce.45d9
 permit host 0009.6bce.45d9 any
 permit host 0009.6bce.417a any
 permit host 0002.554f.e693 any
!
!
vlan access-map backup 10
 match mac address mediaserver
 action forward
!
vlan filter backup vlan-list 220
interface Vlan220
 ip address 10.105.220.1 255.255.252.0

4 REPLIES
Bronze

Re: VACL on 6509 not active

Is this IP traffic? I don't think IP traffic is access controlled by mac VACLs.

~Zach

Community Member

Re: VACL on 6509 not active

How do I control IP traffic being bridged through a 6509 to another switch? I hoped VACL would give me the opportunity to limit traffic within a VLAN.

Any suggestions would be very much appreciated.

Bronze

Re: VACL on 6509 not active

I believe IP VACLs can block intra-VLAN (i.e., bridged) traffic.

Bronze

Re: VACL on 6509 not active

That's correct. IP VACLs can filter intra-VLAN IP traffic. IPX VACLs can filter intra-VLAN IPX traffic. MAC VACLs filter any non-IP, non-IPX VLAN traffic.

Please read the "Configuring Access Control" Guide in the Catalyst 6500 Config Guide on Cisco.com for more details on how VACLs work.

URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_1/confg_gd/acc_list.htm#1020508
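The configuration the replies point to, as an added example that is not part of the original thread: an IP ACL matched in the same access map, so that bridged IP traffic in VLAN 220 is filtered as well. The ACL name `mediaserver-ip` and the three host addresses are assumptions (placeholders inside Vlan220's subnet); the MAC ACL, the map name and the VLAN number are taken from the original post.

```cisco
! Added example, not from the original thread.
! Host addresses below are constructed placeholders inside 10.105.220.0/22;
! substitute the real IP addresses of the three media server hosts.
ip access-list extended mediaserver-ip
 permit ip any host 10.105.220.11
 permit ip any host 10.105.220.12
 permit ip any host 10.105.220.13
 permit ip host 10.105.220.11 any
 permit ip host 10.105.220.12 any
 permit ip host 10.105.220.13 any
!
! MAC ACL from the original post, unchanged. On its own it only classifies
! non-IP, non-IPX frames, which is why IP traffic was never filtered.
mac access-list extended mediaserver
 permit any host 0002.554f.e693
 permit any host 0009.6bce.417a
 permit any host 0009.6bce.45d9
 permit host 0009.6bce.45d9 any
 permit host 0009.6bce.417a any
 permit host 0002.554f.e693 any
!
! Sequence 10 handles IP traffic, sequence 20 handles the remaining MAC traffic.
! Once an ACL of a given type is matched anywhere in the map, packets of that
! type that match no permit entry are dropped. This applies to IP packets
! routed through interface Vlan220 as well as to packets bridged within the
! VLAN, so confirm the permit list before applying the filter.
vlan access-map backup 10
 match ip address mediaserver-ip
 action forward
vlan access-map backup 20
 match mac address mediaserver
 action forward
!
vlan filter backup vlan-list 220
```

`show vlan access-map` and `show vlan filter` display the map sequences and the VLANs the filter is applied to.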
