I'm trying to configure an input access-list on 7204 routers (IOS 12.2(10)),
which should filter on the destination (!) MAC address, but I can't get it
to work. Is this even possible?

The router should ignore all traffic with a destination-MAC (multicast) of
0100.5e7c.0006 and accept all other traffic. In my setup, this address is
used with Firewalls in a Stonebeat cluster.

Without a filter, my routers, by mistake, listen to this traffic, replicate it
and send it out again, which causes multicast storms.

I've read that this is quite a common behaviour observed with Cisco routers
that run HSRP. By mistake, some routers (depending on what?) sometimes listen
to all Layer 2 multicast traffic instead of just the HSRP multicasts.

Unfortunately, I can't configure any filters on the switch, which led me to
the idea to apply a filter on the routers.

It's no problem to configure an extended MAC Access-list (access-list
). But I struggle with applying it to the interface.
The 'bridge-group  input-address-list ' just allows standard MAC
Access-Lists, which would filter the source-address only.

So I tried the following approach (CAR):

access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0100.5e7c.0006 0000.0000.0000
access-list 101 permit ip any any

interface fastethernet0/0
 rate-limit input access-group 1100 100000000 100000 100000 conform-action drop exceed-action drop
 rate-limit input access-group 101 100000000 100000 100000 conform-action transmit exceed-action transmit

In the lab the router accepted the commands, but now it blocks all traffic
instead of just the specified destination MAC address.

Any suggestions? Thanks in advance.

Lars Bucher
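
Added example, not part of the original post: a small Python model of how the access-list 1100 entry quoted above is matched against frames, useful for checking the entry on its own before looking at how CAR applies it. It assumes IOS address/wildcard-mask semantics (a mask bit of 1 means "ignore this bit") and an implicit deny at the end of the list; the function names are hypothetical and the sample frames are constructed.

```python
# Added illustration, not from the original post: models how an IOS extended
# 48-bit MAC access-list entry is matched against a frame.
# Assumptions: a wildcard-mask bit of 1 means "ignore this bit"; a frame that
# matches no entry hits the implicit deny at the end of the list.
MASK48 = 0xFFFFFFFFFFFF

def mac_to_int(mac):
    """Parse Cisco dotted notation (e.g. 0100.5e7c.0006) into a 48-bit int."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return int(digits, 16)

def parse_entry(line):
    """Parse 'access-list N permit|deny src src-mask dst dst-mask'."""
    tok = line.split()
    if len(tok) != 7 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported entry: %r" % line)
    src, src_wc, dst, dst_wc = (mac_to_int(t) for t in tok[3:])
    return {"action": tok[2], "src": src, "src_wc": src_wc, "dst": dst, "dst_wc": dst_wc}

def field_matches(value, pattern, wildcard):
    """Compare only the bits the wildcard mask does not mark as don't-care."""
    care = ~wildcard & MASK48
    return (value & care) == (pattern & care)

def evaluate(entries, src_mac, dst_mac):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = mac_to_int(src_mac), mac_to_int(dst_mac)
    for e in entries:
        if field_matches(s, e["src"], e["src_wc"]) and field_matches(d, e["dst"], e["dst_wc"]):
            return e["action"]
    return "deny"

# The entry from the post, on one line.
ACL_1100 = [parse_entry(
    "access-list 1100 permit 0000.0000.0000 ffff.ffff.ffff 0100.5e7c.0006 0000.0000.0000")]

# Constructed sample frames: (source MAC, destination MAC).
SAMPLE_FRAMES = [
    ("0002.b3aa.0001", "0100.5e7c.0006"),  # the cluster multicast address from the post
    ("0002.b3aa.0001", "0100.5e00.0002"),  # HSRPv1 hellos (224.0.0.2)
    ("0002.b3aa.0001", "0007.0d11.2233"),  # ordinary unicast destination
]

def classify(frames=SAMPLE_FRAMES):
    """'permit' means the frame is selected by the entry, 'deny' that it is not."""
    return [(dst, evaluate(ACL_1100, src, dst)) for src, dst in frames]

if __name__ == "__main__":
    for dst, verdict in classify():
        print(dst, verdict)
```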




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57312&t=57312