Beruflich Dokumente
Kultur Dokumente
Procedure –
1. Define the standard or extended access list to be used in VACL –
An access-list
list should be defined to identify the type of traffic and the hosts on which it
is applied.
2. Define a VLAN access map –
A VLAN access-map map is defined in which hosts IP address will be matched (using the access-list
access
defined)
3. Configure an action clause in a VLAN access map ma sequence –
This will tell what action (forward or drop) should be taken on the traffic (defined in the VLAN
access-map)
4. Apply the VLAN access map to the specified VLANs –
The last step in the configuration of VACL is to create filter list specifying, on which VLAN the
access map has been applied.
5. Display VLAN access map information –
We can verify the information by using the command.
Configuration –
There is a switch named as switch1 which is connected to 3 routers named as Router1 (IP address-
192.168.1.1/24), Router2 (IP address-192.168.1.2/24)
address and Router3 (IP address-192.168.1.3/24)
192.168.1.3/24) as shown
in the figure.
In this task, we will deny traffic from Router1 to Router3 using VACL.
Configuring access-listlist on switch1 stating that all IP traffic
traffic should be allowed from host 192.168.1.1 to
192.168.1.3
switch1(config)#ip access-list
list extended My_access_list
switch1(config-ext-nacl)#permit
nacl)#permit ip host 192.168.1.1 host 192.168.1.3
In the first command, 20 is the sequence number which means this rule will be checked after the first rule
having sequence number 10.
At last, we will assign this access-map, named as My_access_list, to a VLAN (here VLAN 1)
switch1(config)#vlan filter Mapping vlan-list 1
This command will display the access-map. This will display the name of the access-map, sequence
number of the rule and the access-list name (that have been used).
switch1#show vlan filter
This will display the VLANs which are filtered by vlan access-map.