GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Fw: mac acl - conflict with - vlan filter posted 09/10/2003
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


----- Original Message -----
From: "ccie2be" <ccie2be@xxxxxxxxxx>
To: <navaid@xxxxxxxxxx>
Sent: Tuesday, September 09, 2003 10:04 PM
Subject: Re: mac acl - conflict with - vlan filter


> Hi navaid,
>
> According to the 3550 config guide on page 26-19, this behavior is
expected,
> "Port ACLs are not supported on the same switch with router ACLs and VLAN
> maps."
>
> Also see page 26-44, Configuration Conflicts
>
> HTH, dt
>
> ----- Original Message -----
> From: <navaid@xxxxxxxxxx>
> To: <ccielab@xxxxxxxxxxxxxx>
> Sent: Tuesday, September 09, 2003 5:00 PM
> Subject: mac acl - conflict with - vlan filter
>
>
> > When I apply mac acl to ports in vlan 1, I receive a message indicating
> conflict with vlan filters. My vlan filters are on vlan 999 and these
ports
> are in vlan 1.
> >
> > switch1(config)#int range fa0/3 , fa0/11
> > switch1(config-if-range)#mac access-group no6k in
> > switch1(config-if-range)#
> > 000096: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> > 000097: 1d15h: %FM-3-CONFLICT: Port ACL no6k conflicts with VLAN filters
> > switch1(config-if-range)#
> >
> > following is config for vlan filter and mac-acl
> >
> > mac access-list extended no6k
> >  deny   any any etype-6000
> >  permit any any
> > !
> >
> > vlan access-map nbtonly 10
> >  action forward
> >  match ip address 100
> > vlan access-map nbtonly 20
> >  action drop
> > vlan filter nbtonly vlan-list 999
> >
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-dgm
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ns
> > access-list 100 permit udp 199.199.199.0 0.0.0.255 any eq netbios-ss
> > access-list 100 permit tcp 199.199.199.0 0.0.0.255 any eq 139
> > access-list 100 permit tcp any 199.199.199.0 0.0.0.255 eq 139
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-dgm
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ns
> > access-list 100 permit udp any 199.199.199.0 0.0.0.255 eq netbios-ss
> >
> >
> > 1
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html