vlan filter with mac access list

On a 3550 (IOS 12.1(13)EA1a) switch, I have VLANs 1, 102, 103 and 104. Layer 3 is enabled. Each VLAN has an IP address. I have created a MAC access list LOCALMACHINES with about 20 MAC addresses like this:

    mac access-list extended LOCALMACHINES
     permit host xxxx.xxxx.xxxx any

I created a VLAN access map LOCALACCESS with the following entries:

    match mac address LOCALMACHINES
    action forward

Then I applied this with:

    vlan filter LOCALACCESS vlan-list 1,102-104

This allowed only these machines on the VLANs. This worked fine. I have now copied the exact same config to a 3560 (IOS 12.2(25)SEB). When all machines and the switch are powered on, they have no access. They get an IP address from DHCP and that's it. It's as if, once you apply the filter, everything is blocked to everywhere.

Any help would be greatly appreciated.

Guy

hi,

With a show access-lists command u can see if there are dropped packets and how often they are dropped.

BUT if u filter based on a MAC address... why do your machines get an IP via DHCP? If your filter list is not correct, the first broadcast would be filtered as well. So maybe u can provide some more information, like your config file (be sure to delete passwords and IP addresses).

regards me

neo80123

This was always the default behaviour. The pc gets an ip address but that's it. You cannot do anything else with it (if the config works as expected). The show access-list command does not give any match numbers in this case. This would only be if you apply the access-list to an interface instead of using it with a vlan filter. The strange thing is that everything worked fine on the 3550 and the exact same config does not on a 3560.

Guy
