Something like this won't work for you?
access-list 700 permit 1111.1112.1112   0000.0000.0000
access-list 700 permit 1111.1112.1113   0000.0000.0000
class-map match-all GS
 match access-group 700
!
!
policy-map GS
 class GS
   drop
On Jun 24, 2010, at 2:35 PM, Networking Dude wrote:
> Sup yalls. I'm looking to wildcard block mac addys, and only permit a
> specific vendor OID. I'm looking at an 1841 with the 4 port SW module
> installed. Unfortunately, you do not have VACL features on HWIC-4ESW.
> 
> 
> But overall, this has piqued my curiosity on if it's even possible to do
> diverse L2 filters on a Cisco router.
> 
> Router(config)#access-list ?
>  <1-99>            IP standard access list
>  <100-199>         IP extended access list
>  <1100-1199>       Extended 48-bit MAC address access list
>  <1300-1999>       IP standard access list (expanded range)
>  <200-299>         Protocol type-code access list
>  <2000-2699>       IP extended access list (expanded range)
>  <700-799>         48-bit MAC address access list
>  compiled          Enable IP access-list compilation
>  dynamic-extended  Extend the dynamic ACL absolute timer
>  rate-limit        Simple rate-limit specific access list
> 
> 
> The 700-799 series Mac ACL appears to be legacy and from the examples I've
> seen only works on bridge interfaces, which is a damn shame.
> 
> Technically, I could get away with a QOS policy-map to drop mac traffic, but
> it only works with a single mac statement, and not a wildcard range.
> 
> For example, this works:
> 
> class-map match-any macfilter
> match source-address mac 0017.e0bf.ebe0
> !
> policy-map macfilter
> class macfilter
>   drop
> 
> And, this does not:
> 
> 
> access-list 705 permit 0017.e0bf.ebe0   0000.0000.0000
> class-map match-any macfilter
> match access-group 705
> 
> policy-map macfilter
> class macfilter
>   drop
> 
> 
> Well that's pretty lame. I can get mac-filtering to work on a linux router,
> and I'm betting a Juniper router, and probably even my windows xp box!!
> Anyone have any secret methods to accomplish this on a Cisco router?
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
Received on Thu Jun 24 2010 - 14:43:38 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 09:11:38 ART
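
Added example, not part of the original thread or any poster's configuration: a small Python model of how a 700-series MAC ACL entry matches, showing the wildcard mask (bits set to 1 are ignored) that permits a whole vendor OUI rather than a single host. The OUI mask lines in SAMPLE_ACL and all function names are constructed for illustration; the model covers matching only, not which interfaces or class-maps a given platform will apply the ACL to.

```python
import re

# Constructed sample: permit one vendor OUI (first 24 bits), wildcard the
# host part. The OUI 0017.e0 comes from the MAC quoted in the thread.
SAMPLE_ACL = """\
access-list 700 permit 0017.e000.0000 0000.00ff.ffff
access-list 700 deny   0000.0000.0000 ffff.ffff.ffff
"""

ACL_LINE = re.compile(r"\s*access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(\S+)\s*$")


def mac_to_int(mac):
    """Convert a MAC in dotted, colon or dash notation to a 48-bit integer."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int(digits, 16)


def parse_acl(text):
    """Return [(action, address, mask), ...] for lines numbered 700-799."""
    entries = []
    for line in text.splitlines():
        m = ACL_LINE.match(line)
        if not m or not 700 <= int(m.group(1)) <= 799:
            continue  # not a 48-bit MAC address access list entry
        entries.append((m.group(2), mac_to_int(m.group(3)), mac_to_int(m.group(4))))
    return entries


def evaluate(entries, mac):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    value = mac_to_int(mac)
    for action, address, mask in entries:
        # Forcing the wildcard bits to 1 on both sides leaves only the
        # bits the mask says must match exactly.
        if (value | mask) == (address | mask):
            return action
    return "deny"


def audit(entries, macs):
    """Map each observed MAC to the action the ACL would take on it."""
    return {mac: evaluate(entries, mac) for mac in macs}
```
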