MAC address filtering, blockage with bridge-group

Everything to do with infrastructure (not configurations)

Moderator: Federico.Lagni

crackedboy
Cisco fan
Posts: 44
Joined: Fri 08 Jul, 2005 1:18 pm

Hello,
I am trying to filter a few MAC addresses on my SOHO 877, inbound on Vlan1 (sh ver and sh run follow).

In short, I set the ACL:

Code:

access-list 700 deny xxxx.xxxx.xxxx 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff

As soon as I enter the vlan1 configuration and set:

Code:

bridge-group 1
bridge-group 1 input-address-list 700

all inbound connections on Vlan1 are blocked.

sh access-list 700 shows me no matches. I also tried modifying the ACLs a bit, but nothing. I would like to understand what I am doing wrong (in the bridge-group or in the ACL).

Thanks.


sh run

Code:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco_877-k9
!
boot-start-marker
boot-end-marker
!
logging buffered 2097152 debugging
enable secret 5 __________________
!
no aaa new-model
!
resource policy
!
clock timezone Italy 1
clock summer-time Italy recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip cef
!
!
ip inspect name fwo cuseeme timeout 3600
ip inspect name fwo ftp timeout 3600
ip inspect name fwo rcmd timeout 3600
ip inspect name fwo realaudio timeout 3600
ip inspect name fwo smtp timeout 3600
ip inspect name fwo tftp timeout 30
ip inspect name fwo udp timeout 15
ip inspect name fwo tcp timeout 3600
ip inspect name fwo h323 timeout 3600
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
username _______ privilege 15 secret 5 _____________________
!
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 192.168.50.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip inspect fwo out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp pap sent-username _______ password 7 ____________________
 ppp ipcp dns request
 ppp ipcp wins request
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static 192.168.50.2 interface Dialer1
!
no logging trap
access-list 22 permit 192.168.50.0 0.0.0.255
access-list 102 permit ip 192.168.50.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO 22
snmp-server location ___________________________
snmp-server contact _______________
!
!
line con 0
 login local
 no modem enable
 transport output none
 stopbits 1
line aux 0
 login local
 transport output none
 stopbits 1
line vty 0 4
 access-class 22 in
 exec-timeout 120 0
 privilege level 15
 login local
 transport input ssh
!
scheduler max-task-time 5000
no scheduler allocate
ntp clock-period 17174998
ntp source Vlan1
ntp server ______________
ntp server ______________
end

sh ver

Code:

Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 29-Nov-06 00:43 by kellythw

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

cisco_877-k9 uptime is 55 minutes
System returned to ROM by power-on
System restarted at 09:16:17 Italy Mon Jul 9 2007
System image file is "flash:c870-advsecurityk9-mz.124-4.T7.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 877 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FCZ1118244K
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102
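
An added example, not part of the original post: a small Python check of how IOS evaluates a 700-series MAC address list such as the poster's access-list 700 (entries are tried in order, mask bits set to 1 are ignored, and an implicit deny ends the list). The address 0011.2233.4455 is a constructed stand-in for the masked xxxx.xxxx.xxxx, and all function names are hypothetical.

```python
import re

# Matches IOS 700-series (48-bit MAC address) ACL entries as used in the post.
ACL_RE = re.compile(
    r"^access-list\s+(7\d\d)\s+(permit|deny)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s*$",
    re.IGNORECASE,
)

def mac_to_int(text):
    """Convert a MAC in dotted, colon or dash notation to a 48-bit integer."""
    digits = re.sub(r"[.:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)

def parse_mac_acl(config, number):
    """Return [(action, address, mask)] for one ACL number, in config order."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and int(m.group(1)) == number:
            entries.append((m.group(2).lower(), mac_to_int(m.group(3)), mac_to_int(m.group(4))))
    return entries

def evaluate(entries, source_mac):
    """First match wins; 1 bits in the mask are ignored; no match is an implicit deny."""
    src = mac_to_int(source_mac)
    full = (1 << 48) - 1
    for index, (action, address, mask) in enumerate(entries, start=1):
        care = full & ~mask  # bits that must be equal for this entry to match
        if (src & care) == (address & care):
            return action, index
    return "deny", None

# Constructed sample: the poster's two entries with a made-up address
# in place of xxxx.xxxx.xxxx.
SAMPLE_CONFIG = """
access-list 700 deny 0011.2233.4455 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
"""

if __name__ == "__main__":
    acl = parse_mac_acl(SAMPLE_CONFIG, 700)
    for mac in ("00:11:22:33:44:55", "0011.2233.4456", "aa-bb-cc-dd-ee-ff"):
        print(mac, evaluate(acl, mac))
```

With these two entries every source MAC other than the denied one reaches the permit line, so the list as written does not by itself deny all addresses.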