
Now I will do a small lab.

In this lab I have 6 hosts connected to a switch, with IP addresses of the form 200.1.1.x, where x = router number.

I will go to my multilayer switch and configure a VACL (VLAN access list).

The hosts in this lab are routers.


At the beginning, since all routers are in the same subnet, they can ping each other.


The goal is that R1, R2 and R3 will not be able to ping R4 in the same VLAN.

This concept is the same as a route-map, which will be covered later on.
Here is what it will look like when I finish. The switch reads the VLAN access-map from top to bottom, and as we can see, a VLAN access-map entry can have no match clause (which means all other traffic).

Here is the final result on the switch (which I will configure):

! 10 = sequence number
vlan access-map DROP_1234 10
 action drop
 match ip address BLOCK_FIRST_THREE
! 20 = sequence number; no match clause, so it covers all other traffic
vlan access-map DROP_1234 20
 action forward
! here we apply the access-map to the VLAN
vlan filter DROP_1234 vlan-list 1
!
! here I have my goal; "permit" in this ACL selects the traffic the access-map acts on
ip access-list extended BLOCK_FIRST_THREE
 permit ip host <source> host <destination>
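
The top-to-bottom evaluation of the access-map above, modelled as an added example (not from the original post and not Cisco code). It assumes the ACL holds one `permit ip host` line for each of R1, R2 and R3 toward R4, with addresses built from the lab's 200.1.1.x plan, and that IP traffic matching no entry is dropped, as Catalyst switches do when the map contains an IP ACL.

```python
# Added example: a minimal model of VLAN access-map evaluation for IP packets.
from ipaddress import ip_address

# Constructed from the lab's addressing plan: 200.1.1.x, x = router number.
R = {n: ip_address(f"200.1.1.{n}") for n in range(1, 7)}

# Assumed contents of BLOCK_FIRST_THREE: (source, destination) host pairs.
# In a VACL, an ACL "permit" only selects the packet; the map's action decides.
BLOCK_FIRST_THREE = [(R[1], R[4]), (R[2], R[4]), (R[3], R[4])]

def acl_matches(acl, src, dst):
    """True if a 'permit ip host src host dst' line selects the packet."""
    return (src, dst) in acl

def evaluate(access_map, src, dst):
    """Walk the entries in sequence order; the first matching entry decides."""
    for seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl is None or acl_matches(acl, src, dst):  # no match clause = all traffic
            return seq, action
    # Assumption: IP traffic matching no entry of a map with an IP ACL is dropped.
    return None, "drop"

DROP_1234 = [(10, BLOCK_FIRST_THREE, "drop"), (20, None, "forward")]
WITHOUT_SEQ_20 = [(10, BLOCK_FIRST_THREE, "drop")]  # same map, entry 20 left out

def ping(access_map, a, b):
    """A ping works only if the echo (a->b) and the reply (b->a) are both forwarded."""
    legs = ((R[a], R[b]), (R[b], R[a]))
    return all(evaluate(access_map, s, d)[1] == "forward" for s, d in legs)

if __name__ == "__main__":
    for a, b in [(1, 4), (4, 1), (1, 2), (5, 4)]:
        print(f"R{a} -> R{b} ping:", "ok" if ping(DROP_1234, a, b) else "fails")
    # Without the catch-all entry 20, unrelated traffic in the VLAN stops too.
    print("R1 -> R2 without sequence 20:",
          "ok" if ping(WITHOUT_SEQ_20, 1, 2) else "fails")
```

Because the ACL matches on IP source and destination only, R4's own pings to R1, R2 and R3 also fail in this model: the echo reply travelling back to R4 hits sequence 10.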

Step 1) Define your interesting traffic

Sw1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip acc
Sw1(config)#ip acce
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging

