Cisco Systems BC-23

Configuring Transparent Bridging

Transparent and SRT Bridging Configuration Task List

BC-49

Cisco IOS Bridging and IBM Networking Configuration Guide

To filter these packets on input or output, use either or both of the following commands in interface

configuration mode:

You can filter IEEE 802-encapsulated packets on input. The access list you create is applied to all IEEE

802 frames received on that interface prior to the bridge-learning process. SNAP frames also must pass

any applicable Ethernet type-code access list.

You can also filter IEEE 802-encapsulated packets on output. SNAP frames also must pass any

applicable Ethernet type-code access list. The access list you create is applied just before sending out a

frame to an interface.

To filter these packets on input or output, use one or both of the following commands in interface

configuration mode:

Access lists for Ethernet- and IEEE 802-encapsulated packets affect only bridging functions. You cannot

use such access lists to block frames with protocols that are being routed.

Defining and Applying Extended Access Lists

If you are filtering by the MAC-layer address, whether it is by a specific MAC address, vendor code, or

protocol type, you can define and apply extended access lists. Extended access lists allow finer

granularity of control. They allow you to specify both source and destination addresses and arbitrary

bytes in the packet.

To define an extended access list, use the following command in global configuration mode:

To apply an extended access list to an interface, use one or both of the following commands in interface

configuration mode:

Command Purpose

bridge-group bridge-group input-type-list

access-list-number

Adds a filter for Ethernet- and SNAP-encapsulated packets on input.

bridge-group bridge-group output-type-list

access-list-number

Adds a filter for Ethernet- and SNAP-encapsulated packets on output.

Command Purpose

bridge-group bridge-group input-lsap-list

access-list-number

Adds a filter for IEEE 802-encapsulated packets on input.

bridge-group bridge-group output-lsap-list

access-list-number

Adds a filter for IEEE 802-encapsulated packets on output.

Command Purpose

access-list access-list-number {permit |

deny} source source-mask destination

destination-mask offset size operator operand

Defines an extended access list for finer control of bridged traffic.

Command Purpose

bridge-group bridge-group input-pattern-list

access-list-number

Applies an extended access list to the packets being received by an

interface.

bridge-group bridge-group output-pattern-list

access-list-number

Applies an extended access list to the packet being sent by an

interface.