VLAN Access-List (VACL) in Cisco Switch
To create VLAN Access-Lists, the following steps are required:
a. Create MAC/IP ACLs based on the requirements.
b. Combine the created ACLs under a vlan access-map and indicate the action (drop/forward) for each.
c. Do not forget to allow all other traffic with a permit-all ACL.
d. Apply the access-map to the VLAN with the vlan filter command.
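! Step a: ACLs that select traffic. In a VACL, "permit" means "match";
! the access-map action decides whether the matched traffic is dropped or forwarded.
mac access-list extended TEST-MAC-VACL
 permit host 0000.1234.5678 any
ip access-list extended PERMIT-VACL
 permit ip any any
ip access-list extended TEST-VACL
 permit tcp host 10.0.0.1 any eq 345
 permit udp host 10.0.0.1 any eq 245
! Step b: one access-map (VACL), evaluated in sequence order
vlan access-map VACL 10
 match ip address TEST-VACL
 action drop
vlan access-map VACL 20
 match mac address TEST-MAC-VACL
 action drop
! Step c: forward all other traffic
vlan access-map VACL 30
 match ip address PERMIT-VACL
 action forward
! Step d: apply the access-map to the VLAN
vlan filter VACL vlan-list 133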
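A small offline check for the procedure above, added here as an example (not part of the original note): it parses a switch configuration and reports access-maps that no vlan filter applies, applied maps whose last sequence is not action forward (step c), and match clauses or filters that name something undefined. The function name lint_vacl, the LAB map and MISSING-ACL are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample (not from a real device): sequence 10 sits in a map named
# TEST-VACL, which no vlan filter applies, and map LAB names an undefined ACL.
SAMPLE = """\
ip access-list extended PERMIT-VACL
 permit ip any any
ip access-list extended TEST-VACL
 permit tcp host 10.0.0.1 any eq 345
vlan access-map TEST-VACL 10
 match ip address TEST-VACL
 action drop
vlan access-map VACL 30
 match ip address PERMIT-VACL
 action forward
vlan access-map LAB 10
 match ip address MISSING-ACL
 action drop
vlan filter VACL vlan-list 133
vlan filter LAB vlan-list 200
"""

def lint_vacl(config):
    """Return a list of findings for the VACL definitions in a config text."""
    acls, maps, applied, cur = set(), {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(?:mac|ip) access-list extended (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"vlan access-map (\S+) (\d+)", line):
            cur = maps.setdefault(m.group(1), {}).setdefault(int(m.group(2)), {"acls": [], "action": None})
        elif m := re.match(r"vlan filter (\S+) vlan-list", line):
            applied.add(m.group(1))
        elif cur and (m := re.match(r"match (?:ip|mac) address (.+)", line)):
            cur["acls"] += m.group(1).split()
        elif cur and (m := re.match(r"action (\S+)", line)):
            cur["action"] = m.group(1)
    findings = []
    for name, seqs in sorted(maps.items()):
        if name not in applied:
            findings.append(f"{name}: access-map is not applied by any vlan filter")
        elif seqs[max(seqs)]["action"] != "forward":
            findings.append(f"{name}: last sequence is not 'action forward'")
        for seq, entry in sorted(seqs.items()):
            findings += [f"{name} {seq}: ACL {a} is not defined" for a in entry["acls"] if a not in acls]
    findings += [f"{n}: vlan filter references an undefined access-map" for n in sorted(applied - set(maps))]
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vacl(SAMPLE)))
```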