13 April 2014

VLAN Access MAP Example

Network Topology for VLAN Access MAP configuration


The objective of the VLAN access map is to stop all IP traffic from VLAN 20 (192.168.20.0/24) from reaching the server in VLAN 10 (192.168.10.10). One host inside VLAN 10 itself, 192.168.10.40 (on the 192.168.10.0/24 subnet), is also denied access to the server. All other IP traffic is forwarded. A Catalyst 3560 is used for this example.

3560(config)# ip access-list extended DENY_SERVER_ACL
3560(config-ext-nacl)# permit ip 192.168.20.0 0.0.0.255 host 192.168.10.10
3560(config-ext-nacl)# permit ip host 192.168.10.40 host 192.168.10.10
3560(config-ext-nacl)# exit

3560(config)# vlan access-map DENY_SERVER_MAP 10
3560(config-access-map)# match ip address DENY_SERVER_ACL
3560(config-access-map)# action drop
3560(config-access-map)# exit

3560(config)# vlan access-map DENY_SERVER_MAP 20
3560(config-access-map)# action forward
3560(config-access-map)# exit

3560(config)# vlan filter DENY_SERVER_MAP vlan-list 10

A few points that are easy to get wrong here. The permit statements in DENY_SERVER_ACL do not permit anything on their own: inside a VLAN map an ACL permit only means "this entry matches", and the entry's action (drop) decides what happens to the packet. Entries are tried in sequence order (the numbers 10 and 20 are written out explicitly so the order is visible; if they are omitted IOS assigns them in steps of 10), and every VLAN map ends with an implicit deny, so the second entry, which has no match clause and therefore matches everything, is required. Without it every other packet in VLAN 10 would be dropped. The map is applied to VLAN 10 rather than VLAN 20 because a VLAN map filters all packets that are bridged within or routed into the VLAN, so traffic from 192.168.20.0/24 is checked when it enters VLAN 10 after inter-VLAN routing. Check the result with show vlan access-map and show vlan filter.
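To make the evaluation order and the implicit deny concrete, here is a small Python model of how a Catalyst switch walks a VLAN map. It is an added illustration written for this page, not Cisco code: the functions ios_wildcard, host, acl_says_match and vlan_map_action are my own names, the ACL and map are transcribed from the configuration above, and the sample flows are constructed for the demonstration.

```python
"""Model of how a Catalyst switch evaluates a VLAN access map.

Added illustration written for this page, not Cisco code: it reproduces
the documented semantics (entries tried in sequence order, an ACL 'permit'
meaning 'this entry matches', first matching entry wins, implicit drop at
the end of the map) against the addresses used in the example above.
All packet samples below are constructed for the demonstration.
"""
import ipaddress


def ios_wildcard(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """Translate IOS 'address wildcard' notation into a network.

    Only contiguous wildcards (0.0.0.255, 0.0.255.255, ...) are handled,
    which covers every ACE on this page."""
    bits = int(ipaddress.IPv4Address(wildcard))
    if bits & (bits + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard} not modelled")
    return ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}", strict=False)


def host(addr: str) -> ipaddress.IPv4Network:
    """IOS 'host A.B.C.D' is shorthand for 'A.B.C.D 0.0.0.0', i.e. a /32."""
    return ios_wildcard(addr, "0.0.0.0")


# ip access-list extended DENY_SERVER_ACL, transcribed from the page.
DENY_SERVER_ACL = [
    ("permit", ios_wildcard("192.168.20.0", "0.0.0.255"), host("192.168.10.10")),
    ("permit", host("192.168.10.40"), host("192.168.10.10")),
]


def acl_says_match(acl, src: str, dst: str) -> bool:
    """Evaluate an ACL the way a VLAN map 'match ip address' clause does.

    The first ACE whose source and destination cover the packet decides:
    'permit' means the map entry matches, 'deny' means it does not.  A
    packet that hits no ACE does not match the entry either."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for verdict, src_net, dst_net in acl:
        if src_ip in src_net and dst_ip in dst_net:
            return verdict == "permit"
    return False


# vlan access-map DENY_SERVER_MAP as (sequence, ACL or None, action).
# None stands for an entry with no match clause, which matches everything.
DENY_SERVER_MAP = [
    (10, DENY_SERVER_ACL, "drop"),
    (20, None, "forward"),
]


def vlan_map_action(vmap, src: str, dst: str) -> str:
    """Return the action the map applies to a packet seen in the VLAN."""
    for _seq, acl, action in sorted(vmap, key=lambda entry: entry[0]):
        if acl is None or acl_says_match(acl, src, dst):
            return action
    return "drop"  # every VLAN map ends with an implicit deny


if __name__ == "__main__":
    # Constructed sample flows, all seen on VLAN 10 after bridging/routing.
    samples = [
        ("192.168.20.15", "192.168.10.10"),  # VLAN 20 client -> server
        ("192.168.10.40", "192.168.10.10"),  # the blocked VLAN 10 host
        ("192.168.10.50", "192.168.10.10"),  # any other VLAN 10 host
        ("192.168.20.15", "192.168.10.50"),  # VLAN 20 -> a non-server host
    ]
    for src, dst in samples:
        print(f"{src} -> {dst}: {vlan_map_action(DENY_SERVER_MAP, src, dst)}")
    # The same map with only the sequence-10 entry: the implicit deny bites.
    truncated = [entry for entry in DENY_SERVER_MAP if entry[0] == 10]
    print("without the forward entry, 192.168.10.50 -> 192.168.10.10 is",
          vlan_map_action(truncated, "192.168.10.50", "192.168.10.10"))
```

Running the script shows the two blocked flows dropped, the other two forwarded, and ordinary VLAN 10 traffic dropped as soon as the sequence-20 forward entry is removed. The model also reflects that a VLAN map is not stateful and not direction-aware: the server's replies towards 192.168.20.0/24 match no ACE and are forwarded, which is harmless only because the requests never arrive.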




biOos