2019/07/19

Vlan Access-Map MAC Address Filtering


[Deny => Permit Rule]


# Select the MAC address.

mac access-list extended MAC
 permit host 3c97.0e75.bb25 any             # Select Source MAC, Destination Any


# Select the Drop or Forword rule using Vlan Access-Map.

vlan access-map MACFILTER 10
 match mac address MAC                                # Match the access-list
 action drop                                      # MAC Drop
vlan access-map MACFILTER 20
 action forward                                  # MAC Forward


# Set the Filter rule to Vlan.

vlan filter MACFILTER vlan-list 1               # Set the rule at Vlan 1



[Permit => Deny Rule]


# Select the MAC address.

mac access-list extended MAC1
 permit host 3c97.0e75.bb25 any             # Select outgoing Source MAC
mac access-list extended MAC3
 permit any any
mac access-list extended MAC4
 permit any host 3c97.0e75.bb25             # Select incoming Destination MAC


# Select the Drop or Forword rule using Vlan Access-Map.

vlan access-map FILTER 10
 match mac address MAC1                    # Match the Source MAC1 access-list
 action forward                                  # MAC Forward
vlan access-map FILTER 20
 match mac address MAC4                    # Match the Destination MAC4 access-list
 action forward                                  # MAC Forward
vlan access-map FILTER 30
 match mac address MAC3                    # Match the MAC3 Access-list for denying
 action drop                                      # MAC Drop


# Set the Filter rule to Vlan.

vlan filter FILTER vlan-list 1                     # Set the rule at Vlan 1

No comments:

Post a Comment