Thursday, April 21, 2011

ACLs on a switch

This post is about filtering traffic that passes through the switch, not just applying an ACL to the switch's vty lines. A switch can use Router ACLs (RACLs), VLAN ACLs (VACLs) and Port ACLs (PACLs).

  • VACLs use a RACL-style statement (a named IP access list) to identify the traffic; extended ACLs take a wildcard mask, so 0.0.0.255 matches the /24
  • VACLs use a vlan access-map to tie that access list to the VACL and to the action taken on matching traffic
  • VACLs are applied to VLANs with the vlan filter command in global configuration mode
    • Switch(config)#ip access-list extended TEST1
    • Switch(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 any
    • Switch(config)#vlan access-map DROP1
    • Switch(config-access-map)#match ip address TEST1
    • Switch(config-access-map)#action drop
    • Switch(config)#vlan filter DROP1 vlan-list 20-30
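The same VACL written out as a complete configuration, as an added example that is not part of the original post. It keeps the post's names (TEST1, DROP1) and VLAN range, and adds a second access-map sequence with no match clause: a VLAN access map ends with an implicit deny, so with only the drop sequence every other packet on VLANs 20-30 would also be dropped. The sequence numbers 10 and 20 are chosen here for illustration.

```cisco
! Added example, not from the original post: drop traffic sourced from
! 192.168.2.0/24 on VLANs 20-30 and forward everything else.
! Wildcard mask 0.0.0.255 selects the /24.
ip access-list extended TEST1
 permit ip 192.168.2.0 0.0.0.255 any
!
! Sequence 10: packets matching TEST1 are dropped.
vlan access-map DROP1 10
 match ip address TEST1
 action drop
!
! Sequence 20: no match clause, so every remaining packet hits this
! entry and is forwarded. Without it the access map's implicit deny
! would drop all other traffic on the filtered VLANs.
vlan access-map DROP1 20
 action forward
!
! Apply the map to the VLANs (global configuration mode).
vlan filter DROP1 vlan-list 20-30
!
! Verification from privileged EXEC:
!   show vlan access-map DROP1
!   show vlan filter
```

After applying the filter, check `show vlan filter` to confirm DROP1 is bound to VLANs 20-30 and `show vlan access-map DROP1` to confirm both sequences and their actions are present; a map showing only the drop sequence is the usual cause of an entire VLAN losing connectivity.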
