Prerequisites for PBF
None.
Restrictions for PBF
- PBF is performed in software, with optional rate limiters to control CPU usage.
- PBF is applied only to ingress traffic.
- To allow traffic in both directions between two VLANs, you must configure PBF in both VLANs.
- You can configure PBF between hosts in different switches.
- By default, PBF hosts in the same VLAN cannot communicate with each other. To allow local communication, use the local keyword.
- When configuring the vlan filter command, specify only one VLAN after the vlan-list keyword. If you specify more than one VLAN, PBF will ignore all but the last VLAN in the list.
- Layer 2 port ACLs (PACLs) take precedence over PBF.
- If the sending VLAN is shut down, PBF will still function. Shutting down a VLAN disables Layer 3 functionality, but PBF is a Layer 2 function.
Information About PBF
PBF is a MAC-address VACL that bridges packets between VLANs. PBF forwards packets based solely on the source and destination MAC addresses, ignoring any information above Layer 2.
Default Settings for PBF
None.
How to Configure PBF
To configure PBF, perform this task on each source VLAN:
| Step | Command | Purpose |
|---|---|---|
| Step 1 | Router(config)# mac host my_host mac_addr | (Optional) Assigns a name to the MAC address of the source host. |
| Step 2 | Router(config)# mac access-list extended macl_name | Configures a MAC ACL. |
| Step 3 | Router(config-ext-macl)# permit host my_host any | Configures an access control entry (ACE) to permit traffic from the named host to any other address. Hosts can be specified by a name or by a MAC address. |
| Step 4 | Router(config-ext-macl)# permit host my_host host other_host | Configures an ACE to permit traffic from the named host to one other host. |
| Step 5 | Router(config-ext-macl)# exit | Exits ACL configuration. |
| Step 6 | Router(config)# vlan access-map map_name | Defines a VLAN access map. |
| Step 7 | Router(config-access-map)# match mac address macl_name | Applies the MAC ACL to this VLAN access map. |
| Step 8 | Router(config-access-map)# action forward vlan other_vlan_ID [ local ] | Forwards matching traffic to the other VLAN. Note: By default, PBF-specified devices on the same VLAN cannot communicate with each other. To allow local communication by the host, use the local keyword. |
| Step 9 | Router(config-access-map)# exit | Exits access map configuration. |
| Step 10 | Router(config)# vlan filter map_name vlan-list my_vlan_ID | Applies the VLAN access map to the specified VLAN. |
| Step 11 | Router(config)# interface vlan my_vlan_ID | Enters interface configuration mode for the VLAN. |
| Step 12 | Router(config-if)# mac packet-classify | Classifies incoming or outgoing Layer 3 packets on this VLAN as Layer 2 packets. |
| Step 13 | Router(config-if)# exit | Exits interface configuration mode. |
| Step 14 | Router(config)# exit | Exits global configuration mode. |
Monitoring PBF
- The output of the show vlan mac-pbf config command displays the following fields for configured PBF paths:
– Rcv Vlan — The number of the VLAN to which packets are forwarded by PBF.
– Snd Vlan — The number of the VLAN which will forward packets by PBF.
– DMAC — The MAC address of the destination host on the receiving VLAN.
– SMAC — The MAC address of the source host on the sending VLAN.
– (Local) — Displays 1 if the local keyword is configured in the action forward vlan command on the sending VLAN; displays 0 if the local keyword is not configured.
– (Packet counter) — The number of packets that have been forwarded from the sending VLAN to the receiving VLAN. To clear this counter, enter the clear vlan mac-pbf counters command.
– Pkts dropped — The number of packets that have been dropped by the sending VLAN. To clear this counter, enter the clear vlan mac-pbf counters command.
Configuration Examples for PBF
This example shows how to configure and display PBF to allow two hosts in separate VLANs (“red” VLAN 100 and “blue” VLAN 200) on the same switch to exchange packets:
Router(config)# mac host host_red3 0001.0002.0003
Router(config)# mac access-list extended macl_red
Router(config-ext-macl)# permit host host_red3 host host_blue5
Router(config-ext-macl)# exit
Router(config)# vlan access-map red_to_blue
Router(config-access-map)# match mac address macl_red
Router(config-access-map)# action forward vlan 200 local
Router(config-access-map)# exit
Router(config)# vlan filter red_to_blue vlan-list 100
Router(config)# interface vlan 100
Router(config-if)# mac packet-classify
Router(config-if)# exit
Router(config)# mac host host_blue5 0001.0002.0005
Router(config)# mac access-list extended macl_blue
Router(config-ext-macl)# permit host host_blue5 host host_red3
Router(config-ext-macl)# exit
Router(config)# vlan access-map blue_to_red
Router(config-access-map)# match mac address macl_blue
Router(config-access-map)# action forward vlan 100
Router(config-access-map)# exit
Router(config)# vlan filter blue_to_red vlan-list 200
Router(config)# interface vlan 200
Router(config-if)# mac packet-classify
Router(config-if)# exit
Router(config)# exit
Router# show vlan mac-pbf config
Rcv Vlan 100, Snd Vlan 200, DMAC 0001.0002.0003, SMAC 0001.0002.0005 1 15
Rcv Vlan 200, Snd Vlan 100, DMAC 0001.0002.0005, SMAC 0001.0002.0003 0 23
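The restrictions and procedure above can be checked mechanically before a change is applied. The following Python audit is an added example, not Cisco code: it reads typed PBF commands in the form shown on this page and reports a multi-VLAN vlan-list, a sending VLAN without mac packet-classify, and a path configured in one direction only. The function name audit_pbf, the finding messages and the sample configuration are assumptions made for illustration.

```python
import re

PROMPT = re.compile(r"^\S+[#>]\s*")  # strips "Router(config)# " style prompts

def audit_pbf(config):
    """Return findings for a PBF config, based on the restrictions on this page."""
    fwd, applied, classified = {}, {}, set()
    cur_map = cur_if = None
    for raw in config.splitlines():
        tok = PROMPT.sub("", raw.strip()).split()
        if tok[:2] == ["vlan", "access-map"] and len(tok) > 2:
            cur_map = tok[2]
        elif tok[:3] == ["action", "forward", "vlan"] and cur_map and len(tok) > 3:
            fwd[cur_map] = tok[3]
        elif tok[:2] == ["vlan", "filter"] and "vlan-list" in tok[3:]:
            rest = " ".join(tok[tok.index("vlan-list") + 1:])
            applied[tok[2]] = [v for v in re.split(r"[,\s-]+", rest) if v]
        elif tok[:2] == ["interface", "vlan"] and len(tok) > 2:
            cur_if = tok[2]
        elif tok == ["mac", "packet-classify"] and cur_if:
            classified.add(cur_if)
    findings, paths = [], set()
    for name, vlans in applied.items():
        if name not in fwd or not vlans:
            continue  # not a PBF map: no "action forward vlan"
        src = vlans[-1]  # per the page, only the last VLAN in the list is used
        if len(vlans) > 1:
            findings.append(f"{name}: vlan-list has {len(vlans)} VLANs, only {src} is used")
        if src not in classified:
            findings.append(f"VLAN {src}: mac packet-classify not configured")
        paths.add((src, fwd[name]))
    findings += [f"one-way path {s}->{d}: no PBF map on VLAN {d} forwards to {s}"
                 for s, d in sorted(paths) if (d, s) not in paths]
    return findings

# Constructed sample (not from the page) with three deliberate mistakes.
SAMPLE = """\
Router(config)# mac access-list extended macl_a
Router(config-ext-macl)# permit host 0001.0002.0003 host 0001.0002.0005
Router(config)# vlan access-map a_to_b
Router(config-access-map)# match mac address macl_a
Router(config-access-map)# action forward vlan 200
Router(config)# vlan filter a_to_b vlan-list 100,300
Router(config)# interface vlan 100
Router(config-if)# mac packet-classify
"""

if __name__ == "__main__":
    print("\n".join(audit_pbf(SAMPLE)))
```

In the sample, the operator classified VLAN 100, but because only the last VLAN in the list is used, the map is effectively applied to VLAN 300, which has no mac packet-classify and no return path.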
Tip: For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html