However, a Cisco Catalyst switch can have an ACL applied within a VLAN. This intra-VLAN ACL is called a VLAN access control list (VACL). Example shows the configuration of a VACL that permits Telnet traffic to be sent to a host at IP address 10.1.1.2 while denying all other traffic. Notice that a vlan access-map named ALLOWTELNET is configured to match access list 100. For sequence number 10, the specified action is to forward traffic matching that access list. All other traffic is dropped because of a default implicit drop instruction, which drops all traffic not explicitly permitted. Finally, the VLAN filter (that is, the VACL) is applied to VLANs in the range 1 to 100.
Example Configuring a VACL
SW3550(config)# access-list 100 permit tcp any host 10.1.1.2 eq telnet
SW3550(config)# vlan access-map ALLOWTELNET 10
SW3550(config-access-map)# match ip address 100
SW3550(config-access-map)# action forward
SW3550(config-access-map)# exit
SW3550(config)# vlan filter ALLOWTELNET vlan-list 1-100
See Also:
biOos
No comments:
Post a Comment