Actually I wanted to know the use case of having mac and ip acl as matching criteria in the same VACL entry.
vlan access-map king action forward match mac address macking match ip address 123 With regads Kings On Thu, Sep 8, 2011 at 1:45 PM, Andrey <[email protected]> wrote: > Hi Kingsley, > > this way we can specify vlan policy for ethertypes and addresses, for > expample - > forbid arp resolution for block adresses or LWAPP, EAPOL, PPP, PPPoE and so > on: > > mac access-list extended ARP_Packet > permit any any 0x806 0x0 > > vlan access-map block_arp 10 > action drop > match mac address ARP_Packet > > vlan access-map block_arp 20 > action forward > > vlan filter block_arp vlan-list 666 > > Best regards, > Andrey (Patri0t) > > On Sun, Aug 21, 2011 at 11:59 AM, Kingsley Charles < > [email protected]> wrote: > >> Hi all >> >> We use "match mac" for matching non-IP traffic with VACLs. And when we >> have more than one match entries, they should ANDed. Said with this, what >> would be circumstances where we would use >> the following type of VACL access map that has a match entry for IP and >> MAC. >> >> vlan access-map king >> action forward >> match mac address macking >> match ip address 123 >> >> Why would Cisco give this option? >> >> Any thoughts? >> >> With regards >> Kings >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > > > > -- > Best regards, > Andrey > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
