VLAN Access-List (VACL) in Cisco Switch

To create a VLAN access list, the following steps are required:

a. Create MAC/IP ACLs based on requirements.
b. Combine the created ACLs under a vlan access-map and specify the action (drop/forward) for each entry.
c. Do not forget to allow all other traffic with a permit-all ACL.
d. Apply the access-map to the VLAN with the vlan filter command.

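! Step a: MAC and IP ACLs that select the traffic of interest
mac access-list extended TEST-MAC-VACL
	permit host 0000.1234.5678 any

! Catch-all ACL used by the final forward entry (step c)
ip access-list extended PERMIT-VACL
	permit ip any any

ip access-list extended TEST-VACL
	permit tcp host 10.0.0.1 any eq 345
	permit udp host 10.0.0.1 any eq 245

! Step b: one access-map, entries evaluated in sequence order.
! A "permit" in the ACL means "match"; the map action decides drop/forward.
vlan access-map VACL 10
	match ip address TEST-VACL
	action drop
vlan access-map VACL 20
	match mac address TEST-MAC-VACL
	action drop
! Step c: forward everything else
vlan access-map VACL 30
	match ip address PERMIT-VACL
	action forward

! Step d: apply the map to VLAN 133
vlan filter VACL vlan-list 133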
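
A small lint for steps b to d, added here as an example and not part of the original post: it reads the vlan access-map and vlan filter lines of a configuration and reports maps that no filter applies, filters that name an undefined map, and applied maps whose last sequence is not a forward. The function names parse and lint and the sample text are constructed for illustration.

```python
import re

# Constructed sample: sequence 10 sits under a map name the filter never applies.
SAMPLE = """\
vlan access-map TEST-VACL 10
 match ip address TEST-VACL
 action drop
vlan access-map VACL 20
 match mac address TEST-MAC-VACL
 action drop
vlan access-map VACL 30
 match ip address PERMIT-VACL
 action forward
vlan filter VACL vlan-list 133
"""

def parse(config):
    """Return ({map: {seq: action}}, {map: vlan_list}) from config text."""
    maps, filters, entries, seq = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        entry = re.match(r"vlan access-map (\S+) (\d+)$", line)
        applied = re.match(r"vlan filter (\S+) vlan-list (\S+)$", line)
        if entry:
            entries, seq = maps.setdefault(entry.group(1), {}), int(entry.group(2))
            entries[seq] = None            # action not seen yet
        elif applied:
            filters[applied.group(1)] = applied.group(2)
        elif line.startswith("action ") and entries is not None:
            entries[seq] = line.split()[1]
    return maps, filters

def lint(config):
    """Check steps b-d: every map applied, every filter defined, final forward."""
    maps, filters = parse(config)
    issues = []
    for name in filters:
        if name not in maps:
            issues.append(f"vlan filter references undefined access-map {name}")
        elif maps[name][max(maps[name])] != "forward":
            issues.append(f"access-map {name} does not end with action forward")
    for name in maps:
        if name not in filters:
            issues.append(f"access-map {name} is not applied by any vlan filter")
    return issues

if __name__ == "__main__":
    for issue in lint(SAMPLE):
        print(issue)
```

On the switch itself, show vlan access-map and show vlan filter display the same relationships for the running configuration.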
