Mac access-lists can be used to match traffic by L2 characteristics. In turn this traffic can be forwarded or filtered using Vlan ACLs or VACLs.
For example key words available on a mac acl include the following
aarp EtherType: AppleTalk ARP
amber EtherType: DEC-Amber
appletalk EtherType: AppleTalk/EtherTalk
cos CoS value
dec-spanning EtherType: DEC-Spanning-Tree
decnet-iv EtherType: DECnet Phase IV
diagnostic EtherType: DEC-Diagnostic
dsm EtherType: DEC-DSM
etype-6000 EtherType: 0x6000
etype-8042 EtherType: 0x8042
lat EtherType: DEC-LAT
lavc-sca EtherType: DEC-LAVC-SCA
lsap LSAP value
mop-console EtherType: DEC-MOP Remote Console
mop-dump EtherType: DEC-MOP Dump
msdos EtherType: DEC-MSDOS
mumps EtherType: DEC-MUMPS
netbios EtherType: DEC-NETBIOS
vines-echo EtherType: VINES Echo
vines-ip EtherType: VINES IP
xns-idp EtherType: XNS IDP
By way of an example i will filter all DEC diagnostic traffic from VLAN 10...
mac access-list extended RICH
permit any any DEC-Diagnostic
vlan access-map TEST
match mac address RICH
action drop
vlan access-map TEST
action forward
vlan filter TEST vlan-list 10
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment