I know what you guys are saying, but that is not the way it works. If you check out the documentation, it specifically says "Use the deny MAC access-list configuration command to prevent non-IP traffic from being forwarded if the conditions are matched." As far as why they decided to engineer it that way, I am not sure.

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

From: [email protected] [mailto:[email protected]] On Behalf Of desmond Black
Sent: Monday, June 29, 2009 2:59 AM
To: Wilson Tuma; [email protected]
Subject: Re: [OSL | CCIE_RS] IP filtering @ Mac level Blues.

I agree. As I understand, one should be able to filter IPv4 packets using the 0x0800 Ethertype in a MAC ACL. But then when you filter like this, all your IP traffic is affected [including Routing Protocols].

----- Original Message -----
From: "Wilson Tuma"
To: [email protected]
Subject: [OSL | CCIE_RS] IP filtering @ Mac level Blues.
Date: Sat, 27 Jun 2009 23:37:49 -0700 (PDT)

Hi all

While trying to filter IP at MAC level I came across the following statements.

1. IP Packets can only be processed by IP Access-Lists;
2. Non-IP Packets like ARP, MAC-Addresses, and others can only be processed by MAC Access-Lists.

This blurs my thinking somewhat because I understand the following. Ethertype codes are used to represent the various protocols at MAC level: 0x86DD for IPv6, 0x806 for ARP, 0x4242 for PVST, lsap 0xAAAA for PVST+.

In that light there has to be a code representing IP. If not, how do IP packets get handed to the IP protocol stack from MAC encapsulations? I checked further and found the following:

0800 DOD Internet Protocol (IP)
0801 X.75 Internet
0802 NBS Internet
0803 ECMA Internet

Why is it not possible to use one or all of these ethertypes to filter out IP at the MAC level?

Thanks.

Wilson F. Tuma
====================================
CCNP, CCNA, MCSE, MCSA
Box 1784 Douala
Cell : +237 77 7753 753
Email : [email protected]
====================================

Desmond Black,
In Pursuit of CCIE!!
India
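
Added example, not part of the original thread and not Cisco code: a small Python model of the behaviour in the documentation quote above, where a frame is demultiplexed by its type/length field and a MAC ACL deny is only evaluated for non-IP frames. The function names, the sample frames, and the assumption that only IPv4 (0x0800) counts as "IP" are hypothetical choices for illustration.

```python
import struct

ETH_IPV4, ETH_ARP, ETH_DOT1Q = 0x0800, 0x0806, 0x8100
IP_TYPES = {ETH_IPV4}  # assumption: only IPv4 counts as "IP" for ACL selection

def classify(frame: bytes):
    """Return (encapsulation, protocol id) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    off = 12
    (field,) = struct.unpack_from("!H", frame, off)
    if field == ETH_DOT1Q:                      # skip one 802.1Q VLAN tag
        off += 4
        if len(frame) < off + 2:
            raise ValueError("truncated 802.1Q tag")
        (field,) = struct.unpack_from("!H", frame, off)
    if field >= 0x0600:                         # Ethernet II: an EtherType
        return ("ethernet2", field)
    llc = frame[off + 2:off + 10]               # 802.3 length, LLC header follows
    if len(llc) < 3:
        raise ValueError("truncated LLC header")
    if llc[:3] == b"\xaa\xaa\x03":              # SNAP: OUI, then protocol type
        if len(llc) < 8:
            raise ValueError("truncated SNAP header")
        return ("snap", struct.unpack_from("!H", llc, 6)[0])
    return ("llc", (llc[0] << 8) | llc[1])      # DSAP/SSAP pair, e.g. 0x4242

def mac_acl_verdict(frame: bytes, denied: set, ip_types=IP_TYPES) -> str:
    """Model of the quoted rule: a MAC ACL deny only ever sees non-IP frames."""
    encap, proto = classify(frame)
    if encap in ("ethernet2", "snap") and proto in ip_types:
        return "not-evaluated"                  # left to IP access lists
    return "deny" if proto in denied else "permit"

# Constructed sample frames: dst MAC, src MAC, type/length, zeroed payload.
SRC = bytes.fromhex("001122334455")
IPV4 = b"\xff" * 6 + SRC + b"\x08\x00" + b"\x45" + bytes(19)
ARP = b"\xff" * 6 + SRC + b"\x08\x06" + bytes(28)
STP = bytes.fromhex("0180c2000000") + SRC + b"\x00\x26\x42\x42\x03" + bytes(35)
TAGGED = b"\xff" * 6 + SRC + b"\x81\x00\x00\x0a\x08\x00" + b"\x45" + bytes(19)

if __name__ == "__main__":
    for name, f in [("ipv4", IPV4), ("arp", ARP), ("stp", STP), ("tagged", TAGGED)]:
        print(name, classify(f), mac_acl_verdict(f, {ETH_IPV4, ETH_ARP}))
```

In this model a deny entry for 0x0800 never fires, because the IPv4 frame is handed to the IP access-list stage before the MAC ACL is consulted, while the same entry for 0x0806 does drop ARP.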
