access-list to filter layer-2 traffic

Discussion in 'Cisco' started by Uwe Günzel, Jul 9, 2003.

  1. Uwe Günzel

    Uwe Günzel Guest

    Hi,

    I need to configure a 3550 switch with IP routing functionality. But I have
    to block all unnecessary layer-2 traffic because there are a number of hosts
    who still use layer-2 protocols, and this should be blocked.

    My solution looks like this (I allow ARP and block all the others):

    (config)#interface vlan10
    (config-if)#ip address 10.1.1.1 255.255.255.0
    (config-if)#bridge-group 1 (not quite sure if bridge commands are allowed here)
    (config-if)#bridge-group 1 output-type-list 200
    (config)#bridge 1 protocol ieee (not sure if this is allowed on a switch)
    (config)#access-list 200 permit 0x0806 0x0000 (allow arp, deny the rest)

    The interface vlan10 already has an "ip access-group in" to block certain IP
    traffic.

    Could this solution work?
    Any comments are welcome.

    Blocking layer-2 traffic is new to me. (obviously)
     
    Uwe Günzel, Jul 9, 2003
    #1

  2. Uwe Günzel

    Uwe Günzel Guest

    Hi,

    I just thought about this problem and I realized that VLANs already block
    layer-2 traffic, so my solution is obsolete and probably total nonsense.

    So, never mind.
     
    Uwe Günzel, Jul 9, 2003
    #2

  3. jonathan fernandes

    > I need to configure a 3550 switch with IP routing functionality. But I have

    Sorry, don't understand your requirement. What is the link between the
    3550 switch being able to do routing and the layer 2 traffic? And, you
    want to block the layer 2 traffic from what, or from being able to do
    what? How is it linked to the routing part of your question?

    If you're worried about layer 2 traffic between hosts, you can put
    them in different VLANs.

    Please explain your other requirements (even if you've changed your
    mind ;-) )
     
    jonathan fernandes, Jul 9, 2003
    #3
