Re: VLAN MAPS

From: Ivan (ivan@iip.net)
Date: Tue Feb 28 2006 - 09:58:21 GMT-3


Here "match first" logic works.
At first, match ip address IPONLYEX. If matched, then forward.
Second, match mac address ARP. If matched, then forward.

Then go to VLAN access-map HASH 20 and drop all frames.

> My second issue with VLAN maps is whether it is "match all" or "match any"
> logic.
>
> i.e if I configure as below :
>
> ip access-list extended IPONLYEX
> permit ip any any
>
> mac access-list extended ARP
> permit any any 0x806 0x0
>
> mac access-list extended STP
> permit any any 0x4242 0x0
> !
> VLAN access-map HASH 10
> action forward
> match ip address IPONLYEX
> match mac address ARP
>
> VLAN access-map HASH 20
> action drop
>
> VLAN filter HASH VLAN-list 56
>
> The only show command I could find to confirm VLAN maps
> (it does not show you what VLANS the Map is applied to )
>
> sw2#sh VLAN access-map
> VLAN access-map "HASH" 10
> Match clauses:
> ip address: IPONLYEX
> Action:
> forward
> VLAN access-map "HASH" 20
> Match clauses:
> mac address: ARP
> Action:
> forward
> VLAN access-map "HASH" 30
> Match clauses:
> mac address: STP
> Action:
> forward
> VLAN access-map "HASH" 40
> Match clauses:
> Action:
> Drop
>
> TIA
> Hashiru

-- 
Ivan
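
The first-match evaluation described in the reply above, as an added sketch that is not part of the original message and is not switch code. It assumes each frame can be reduced to the 16-bit type value the quoted ACLs test; the names Entry, evaluate, CONFIGURED, SHOWN and SAMPLES are hypothetical, and the sample frames are constructed.

```python
from dataclasses import dataclass, field

# Constructed model: a frame is reduced to the 16-bit type/LSAP value
# that the ACLs in the quoted config test.
ACLS = {
    "IPONLYEX": lambda t: t == 0x0800,  # permit ip any any (IPv4 frames)
    "ARP": lambda t: t == 0x0806,       # permit any any 0x806 0x0
    "STP": lambda t: t == 0x4242,       # permit any any 0x4242 0x0
}

@dataclass
class Entry:
    seq: int
    action: str
    match: list = field(default_factory=list)  # empty list = no match clause

def evaluate(entries, frame_type):
    """Return (seq, action) of the first entry that matches, lowest seq first."""
    for entry in sorted(entries, key=lambda e: e.seq):
        # An entry without match clauses matches every frame; otherwise the
        # clauses are tried in order and the first ACL that permits wins.
        if not entry.match or any(ACLS[name](frame_type) for name in entry.match):
            return entry.seq, entry.action
    return None, None  # no entry matched; not modelled here

# Map as typed in the quoted configuration.
CONFIGURED = [Entry(10, "forward", ["IPONLYEX", "ARP"]), Entry(20, "drop")]
# Map as printed by the quoted "sh VLAN access-map" output.
SHOWN = [Entry(10, "forward", ["IPONLYEX"]), Entry(20, "forward", ["ARP"]),
         Entry(30, "forward", ["STP"]), Entry(40, "drop")]

# Constructed sample frames (type values only).
SAMPLES = {"ipv4": 0x0800, "arp": 0x0806, "stp": 0x4242, "other": 0x86DD}

def decisions(entries):
    """Map each sample frame name to the (seq, action) that decides it."""
    return {name: evaluate(entries, t) for name, t in SAMPLES.items()}

if __name__ == "__main__":
    for label, vmap in (("configured", CONFIGURED), ("shown", SHOWN)):
        for name, (seq, action) in decisions(vmap).items():
            print(f"{label:10} {name:5} -> seq {seq}: {action}")
```

In this model the typed configuration drops the 0x4242 frames at sequence 20 because the STP list is never referenced, while the map in the show output forwards them at sequence 30.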


This archive was generated by hypermail 2.1.4 : Wed Mar 01 2006 - 11:28:18 GMT-3