The 3750 only has one TCAM table. 3550 and 3560 have two TCAM tables for lookup.
VACLs work within the L3 subsystem, and in the case of the 3750, the frame has already been through the TCAM system at Layer2 and cannot be re-looked at. At least that is my understanding of the architecture differences there. HTH, Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE #153, CISSP, et al. CCSI/JNCI-M/JNCI-J IPexpert VP - Curriculum Development IPexpert Sr. Technical Instructor [EMAIL PROTECTED] http://www.ipexpert.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bradley Lowry Sent: Monday, March 05, 2007 11:42 AM To: [email protected] Subject: [OSL | CCIE_RS] LAB 2, am I missing something about VLAN filtering? I couldn't get VLAN filtering to work with MAC addresses, but I could get it to work with IP addresses. I double and triple checked the MAC#s against the ARP tables, and changed the router MAC addresses so that they would be easier to read. I have a WS-C3750-24PS-S running c3750-advipservicesk9-mz.122-25.SEE.bin. The image is supposed to support VLAN filtering. I find it hard to believe that my hardware would not support VLAN filtering by MAC#. Relevant lines of configuration are below: mac access-list extended allow_r2 permit host 0000.0000.0002 any mac access-list extended allow_r4 permit host 0000.0000.0004 any mac access-list extended allow_sw1 permit host 0011.bb97.bdc0 any mac access-list extended test_all permit any any vlan access-map carol 10 action forward match mac address allow_r2 vlan access-map carol 20 action forward match mac address allow_r4 vlan access-map carol 30 action forward match mac address allow_sw1 vlan access-map carol 40 action drop vlan filter carol vlan-list 1
