- Restricting traffic on CatOS
- Posted by ESM on July 17th, 2005
I have a 6513 running hybrid mode. I need to restrict a particular VLAN so
only SIP and RTP traffic can talk to it. I've never done anything like that
on CatOS. Can someone help me out?
- Posted by www.BradReese.Com on July 18th, 2005
You may want to investigate the Cisco CatOS Configuration Conversion
Tool:
http://www.cisco.com/cgi-bin/Support...catcfg_xlat.pl
Sincerely,
Brad Reese
BradReese.Com Cisco Repair Service Experts
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.bradreese.com/cisco-big-iron-repair.htm
- Posted by Patrick O'Sullivan on July 18th, 2005
Are the VLANs defined on the router side of the box or just on the switch?
--
Patrick O'Sullivan
Rutgers University Network Operations
patrick.osullivan@rutgers.edu
- Posted by ESM on July 18th, 2005
Both sides.
- Posted by ESM on July 18th, 2005
I know how to do it in IOS, I'm trying to do it in CatOS. This doesn't go
IOS -> CatOS.
- Posted by roahboah on July 18th, 2005
First, build the ACL this way:
set security acl ip <nameofACL> permit (etc)
Make sure you have a permit ip any any at the end... in that way it's
like IOS.
Next, commit the acl like so:
commit security acl <nameofACL>
Then, map the acl to the vlans you want to filter like so:
set security acl map <nameofACL> <vlan number(s)>
That should do it!
Hope this helps.
- Posted by roahboah on July 18th, 2005
I misspoke - don't put a permit ip any any if you want to restrict it
to SIP and RTP!
Sorry!
- Posted by ESM on July 18th, 2005
Thanks, that was the info I needed. One last question, do CatOS ACLs need
a deny ip any any at the end of the ACL or is it implied and would only be
stated for consistency?
- Posted by roahboah on July 19th, 2005
Pretty sure it's implied - the same as IOS ACLs.
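
The build, commit and map steps from the thread, put together for the SIP/RTP case as an added example (not posted by any participant). The ACL name VOICE_ONLY, VLAN 100, SIP on port 5060 and the RTP range 16384-32767 are assumed values; use the ports your own call server and phones are configured for.

```text
# Lines starting with '#' are annotations; enter only the command lines.
# Assumed values: ACL name VOICE_ONLY, VLAN 100, SIP on UDP/TCP 5060,
# RTP on UDP 16384-32767.

# 1. Build the ACL. A VLAN ACL is stateless and is checked against packets
#    travelling in either direction, so SIP is matched on port 5060 both as
#    destination port and as source port.
set security acl ip VOICE_ONLY permit udp any any eq 5060
set security acl ip VOICE_ONLY permit udp any eq 5060 any
set security acl ip VOICE_ONLY permit tcp any any eq 5060
set security acl ip VOICE_ONLY permit tcp any eq 5060 any
set security acl ip VOICE_ONLY permit udp any any range 16384 32767
# No trailing "permit ip any any": everything else is left to the implied deny.

# 2. Commit the ACL so the entries take effect.
commit security acl VOICE_ONLY

# 3. Map the committed ACL to the VLAN to be restricted.
set security acl map VOICE_ONLY 100

# 4. Check what was committed and where it is mapped.
show security acl info VOICE_ONLY
show security acl map VOICE_ONLY
```

With only these entries, other IP traffic in the VLAN (DHCP and DNS, for example) falls under the implied deny discussed in the thread, so add explicit permits for any such service the phones depend on before mapping the ACL.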