Hi In a 7600, I have a trunk port and one of the vlans allowed on the trunk is a SVI (routed L3 interface)
Now I would like to filter clients on this vlan based on mac addresses (allow certain range of addresses and block all other) There is already a ip access-list on the L3 interface, I have tried to just vacl but it doesn't work (and probably isn't suppose to) , I can't use pacl on the switchport since I only what to filter this specific vlan not all other vlans. Can this be solved on the 7600? Regards Josef config example interface GigabitEthernet3/3 description test3 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 123,777 switchport mode trunk interface Vlan777 ip address 61.61.61.1 255.255.255.0 ip helper-address 1.1.1.1 ip access-group 111 in ========================== vacl test: mac access-list ext filter permit 0001.aa00.0000 0000.00ff.ffff any vlan access-map vlan_filter 10 match mac address filter action forward vlan filter vlan_filter vlan-list 777 ====================== int g3/3 mac access-group filter in _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
