Now I will do a small lab.
In this lab I have 6 hosts connected to a switch, with IP addresses
of the form 200.1.1.x, where x = router number.
I will go to my multilayer switch and configure a VACL (VLAN access list).
My hosts here act as routers:
At the beginning, since all routers are in the same subnet, they can ping each other:
The goal is that R1, R2 and R3 will not be able to ping R4
in the same VLAN.
This concept is the same as a route-map, which will be covered later on.
Here is what it will look like when I finish. The switch reads the map from top to bottom, and as we see, I can have a VLAN access-map entry with no match clause (it means all other traffic).
Here is the final result on the switch (the configuration I will build):
! 10 = sequence number
vlan access-map DROP_1234 10
 match ip address BLOCK_FIRST_THREE
 action drop
! 20 = sequence number; no match clause, so it matches all other traffic
vlan access-map DROP_1234 20
 action forward
! here we apply the map to the VLAN
vlan filter DROP_1234 vlan-list 1
! here I define my goal
ip access-list extended BLOCK_FIRST_THREE
 permit ip 188.8.131.52 0.0.0.3 host 184.108.40.206
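An added example, not part of the original lab: a small Python model of how the switch evaluates the access map above from top to bottom. It assumes the lab's 200.1.1.x addressing (R1 = 200.1.1.1 through R6 = 200.1.1.6), a drop action on sequence 10 and a forward action on sequence 20; the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Assumed addressing from the lab text: 200.1.1.x, x = router number.
# ACL entry: (source base, source wildcard, destination host).
# In a VACL, "permit" in the ACL means "this traffic matches the map entry".
BLOCK_FIRST_THREE = [("200.1.1.0", "0.0.0.3", "200.1.1.4")]

# Access-map entries: (sequence, acl or None, action).
# acl=None models an entry with no match clause, which matches all traffic.
DROP_1234 = [(10, BLOCK_FIRST_THREE, "drop"), (20, None, "forward")]

def acl_permits(acl, src, dst):
    """True when any ACL entry matches the source range and destination host."""
    return any(wildcard_match(src, base, wc) and dst == host
               for base, wc, host in acl)

def vacl_action(access_map, src, dst):
    """Evaluate entries in sequence order; the first matching entry decides."""
    for seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl is None or acl_permits(acl, src, dst):
            return seq, action
    # No entry matched: IP traffic is dropped once the map has an IP match clause.
    return None, "drop"

def lab_results(access_map):
    """Action applied to a packet from each other router toward R4."""
    return {f"R{n}": vacl_action(access_map, f"200.1.1.{n}", "200.1.1.4")[1]
            for n in (1, 2, 3, 5, 6)}

if __name__ == "__main__":
    print(lab_results(DROP_1234))       # R1-R3 dropped, R5-R6 forwarded
    print(vacl_action(DROP_1234, "200.1.1.4", "200.1.1.1"))  # R4 -> R1
    print(lab_results(DROP_1234[:1]))   # sequence 20 removed: everything drops
```

The last call shows why the catch-all sequence 20 matters: without it, traffic that misses sequence 10 falls through to the drop at the end of the map.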
Step 1) Define your interesting traffic
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging