Cisco show vlan access list
Configuring VLAN Access List (VACL) on a Cisco Layer 3 Switch
Discussion in 'Switching' started by baonguyen, 11/1/18.
VLAN ACL (VACL)
Prerequisite – Virtual LAN (VLAN), Access-lists (ACL)
VLAN ACL (VACL) –
Procedure –
Configuration – There is a switch named switch2 which is connected to 3 routers named Router1 (IP address 192.168.1.1/24), Router2 (IP address 192.168.1.2/24), and Router3 (IP address 192.168.1.3/24), as shown in the figure.

Configuring the IP address on Router2:

Router2(config)#int fa0/0
Router2(config-if)#ip address 192.168.1.2 255.255.255.0
Router2(config-if)#no shut

Configuring the IP address on Router3:

Router3(config)#int fa0/0
Router3(config-if)#ip address 192.168.1.3 255.255.255.0
Router3(config-if)#no shut

In this task, we will deny traffic from Router1 to Router3 using VACL.

Configuring an access-list on switch2 that permits all IP traffic from host 192.168.1.1 to host 192.168.1.3. Inside a VACL, this permit entry only selects the traffic to be matched; the action in the access-map decides whether that traffic is forwarded or dropped.

switch2(config)#ip access-list extended My_access_list
switch2(config-ext-nacl)#permit ip host 192.168.1.1 host 192.168.1.3

Now, configuring the VLAN access-map, which matches the IP addresses defined in the access-list and takes the action drop (which means traffic should not be allowed from 192.168.1.1 to 192.168.1.3).

switch2(config)#vlan access-map Mapping 10
switch2(config-access-map)#match ip address My_access_list
switch2(config-access-map)#action drop
switch2(config-access-map)#exit

In the first command, 10 is the sequence number of the access map. If we do not define any sequence number then it will automatically take 10 as a sequence number.

The traffic from Router2 to Router3 will also get dropped, because no action is defined for this traffic (implicit deny). Therefore, we have to define another rule stating that the other traffic should be allowed.

switch2(config)#vlan access-map Mapping 20
switch2(config-access-map)#action forward
switch2(config-access-map)#exit

In the first command, 20 is the sequence number, which means this rule will be checked after the first rule having sequence number 10.

At last, we will assign this access-map, named Mapping, to a VLAN (here VLAN 1).

switch2(config)#vlan filter Mapping vlan-list 1

To verify the configuration, use the following commands.

switch2#show vlan access-map

This command will display the access map: the name of the access-map, the sequence number of each rule, and the access-list name that has been used.

switch2#show vlan filter

This will display the VLANs which are filtered by the VLAN access map.
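The evaluation order described above, modelled in Python as an added example (it is not part of the original article and is not Cisco code). The data structures and function names are assumptions made for illustration; the ACL name, addresses and sequence numbers are the ones used in the configuration above.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the article's configuration (illustrative structures, not IOS output).
# An ACE is (verdict, source network, destination network).
ACLS = {
    "My_access_list": [("permit", "192.168.1.1/32", "192.168.1.3/32")],
}

# Each access-map clause: (sequence, ACL name or None for "no match clause", action).
MAP_SEQ10_ONLY = [(10, "My_access_list", "drop")]
MAP_FULL = MAP_SEQ10_ONLY + [(20, None, "forward")]


def acl_permits(acl_name, src, dst):
    """True if the first ACE matching the packet is a permit; no matching ACE means no match."""
    for verdict, src_net, dst_net in ACLS[acl_name]:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return verdict == "permit"
    return False


def vacl_decision(access_map, src, dst):
    """Walk clauses in sequence order; return (action, sequence) of the first clause that matches."""
    for seq, acl_name, action in sorted(access_map, key=lambda clause: clause[0]):
        # A clause without a match statement applies to all remaining traffic.
        if acl_name is None or acl_permits(acl_name, src, dst):
            return action, seq
    # No clause matched: the behaviour the article calls implicit deny.
    return "drop", None


def report(access_map):
    """Decisions for the two flows discussed in the article, keyed by 'src->dst'."""
    flows = [("192.168.1.1", "192.168.1.3"), ("192.168.1.2", "192.168.1.3")]
    return {f"{s}->{d}": vacl_decision(access_map, s, d) for s, d in flows}


if __name__ == "__main__":
    for label, amap in (("sequence 10 only", MAP_SEQ10_ONLY), ("sequences 10 and 20", MAP_FULL)):
        print(label)
        for flow, (action, seq) in report(amap).items():
            print(f"  {flow}: {action} (clause {seq if seq else 'none, implicit deny'})")
```

With only sequence 10 configured, the Router2 to Router3 flow is dropped without matching any clause, which is why the article adds sequence 20 before applying the filter to VLAN 1.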