Hi Kingsley, this way we can specify vlan policy for ethertypes and addresses, for expample - forbid arp resolution for block adresses or LWAPP, EAPOL, PPP, PPPoE and so on:
mac access-list extended ARP_Packet permit any any 0x806 0x0 vlan access-map block_arp 10 action drop match mac address ARP_Packet vlan access-map block_arp 20 action forward vlan filter block_arp vlan-list 666 Best regards, Andrey (Patri0t) On Sun, Aug 21, 2011 at 11:59 AM, Kingsley Charles < [email protected]> wrote: > Hi all > > We use "match mac" for matching non-IP traffic with VACLs. And when we have > more than one match entries, they should ANDed. Said with this, what would > be circumstances where we would use > the following type of VACL access map that has a match entry for IP and > MAC. > > vlan access-map king > action forward > match mac address macking > match ip address 123 > > Why would Cisco give this option? > > Any thoughts? > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > -- Best regards, Andrey
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
