RE: How can you stop intra-vlan traffic?

From: Krake, Kris (KKrake@aegonusa.com)
Date: Fri Sep 13 2002 - 01:48:28 GMT-3


I tried this on the 3550 and it worked.

Oh and DO NOT forget the permit any any....all spanning tree and trunking,
etc. stops when you block EVERYTHING. Wow is this powerful :)

!
mac access-list extended filtermac
 deny host 0005.dca4.6c00 any
 permit any any
!
!
interface GigabitEthernet0/2
 no ip address
 mac access-group filtermac in
==============
Kris

-----Original Message-----
From: Peter [mailto:peter@cyscoexpert.com]
Sent: Thursday, September 12, 2002 10:44 PM
To: ccielab@groupstudy.com
Subject: Re: How can you stop intra-vlan traffic?

Port ACLs on Cat3550 come to mind. One of the ways of configuring them is
based on source and destination MAC.
You could also use VLAN maps to filter within the same VLAN but at layer 3.

__________________________
Peter
#7247 (R&S, Security)
CyscoExpert Corp.
4433 W. Touhy Ave. Suite 410
Lincolnwood, IL 60712
Phone (847) 674-3392
Fax (847) 674-2625
www.cyscoexpert.com

----- Original Message -----
From: "Phil Virnoche" <p.virnoche@verizon.net>
To: <ccielab@groupstudy.com>
Sent: Thursday, September 12, 2002 8:16 PM
Subject: How can you stop intra-vlan traffic?

> Can you stop traffic from host to host on the same VLAN without
> deploying something like Private-VLAN's ?? Is there a way to do it at
> layer 2?
>
> TIA !!!
>
> Phil
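
Added example (not part of any message in this thread): a VLAN map of the kind Peter mentions, dropping IP traffic between two hosts in the same VLAN. The map name, ACL name, VLAN 10 and the 192.0.2.x addresses are constructed placeholders.

```cisco
! Constructed example: names, VLAN number and addresses are placeholders.
!
! The ACL only selects traffic; inside a VLAN map "permit" means "match",
! and the map's action decides what happens to the matched packets.
ip access-list extended HOSTA-HOSTB
 permit ip host 192.0.2.10 host 192.0.2.20
 permit ip host 192.0.2.20 host 192.0.2.10
!
! Sequence 10: drop the selected host-to-host IP traffic.
vlan access-map INTRA-VLAN 10
 match ip address HOSTA-HOSTB
 action drop
!
! Sequence 20: no match statement, so it matches everything else and
! forwards it. This is the VLAN map counterpart of the "permit any any"
! line in the MAC ACL above: without it, IP packets that match no clause
! are dropped, because the map contains an IP match clause.
vlan access-map INTRA-VLAN 20
 action forward
!
! Apply the map to the VLAN. It filters bridged traffic inside VLAN 10
! as well as routed traffic entering or leaving it.
vlan filter INTRA-VLAN vlan-list 10
!
! Verify with:
!  show vlan access-map INTRA-VLAN
!  show vlan filter
```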


