Now for a small lab:
In this lab I have 6 hosts connected to a switch, with IP addresses
200.1.1.x, where x is the router number.
I will go to my multilayer switch and configure a VACL (VLAN access list).
The hosts here are routers acting as end hosts.
At the beginning, since all the routers are in the same subnet, they can all ping each other.
The goal is that R1, R2 and R3 will not be able to ping R4,
even though they are in the same VLAN. A normal ACL on the VLAN's SVI would not help here, because traffic between hosts in the same subnet is bridged by the switch and never hits the routed interface; a VACL filters traffic bridged inside the VLAN.
This concept is the same idea as a route-map, which will be covered later on.
Here is what it will look like when I finish. The switch reads the access map from top to bottom and stops at the first matching sequence; as we see, a VLAN access-map sequence with no match clause matches all other traffic. Two things to keep in mind: the default action of a sequence is forward, so sequence 10 needs an explicit action drop, and a packet that matches no sequence at all is dropped, which is why the catch-all sequence 20 is needed. Also, inside a VACL the ACL only selects traffic: a permit in the ACL means "this packet belongs to the sequence", and the sequence's action decides what happens to it.
Here is the final result on the switch (which I will configure step by step):
vlan access-map DROP_1234 10 (10 = sequence number)
match ip address BLOCK_FIRST_THREE
action drop (without this line the sequence would forward the matched traffic)
vlan access-map DROP_1234 20 (20 = sequence number, no match clause = everything else)
action forward (this is the default, shown here for clarity)
vlan filter DROP_1234 vlan-list 1 (here we apply the map to the VLAN; a VACL has no direction, it sees all traffic in VLAN 1)
ip access-list extended BLOCK_FIRST_THREE (here I have my goal)
permit ip 200.1.1.0 0.0.0.3 host 200.1.1.4 (200.1.1.0 with wildcard 0.0.0.3 covers 200.1.1.0 to 200.1.1.3, i.e. R1, R2 and R3; R4 is 200.1.1.4. The ACL line is rebuilt from the 200.1.1.x scheme above.)
Step 1) Define your interesting traffic. In the final configuration this is the extended ACL BLOCK_FIRST_THREE; it has to be an extended ACL because we match on both the source (R1, R2, R3) and the destination (R4).
Sw1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging
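To check the policy against every host pair before applying it, here is an added example that models how the switch evaluates the access map: top-down, first match, ACL permit meaning "select", default action forward, and drop for traffic that matches no sequence. It is not IOS code or part of the original lab, just a small Python model; the router addresses (R1..R6 = 200.1.1.1..200.1.1.6) and the helper names are constructed for the example.

```python
"""Model of Cisco VACL (vlan access-map) evaluation for the lab above.
Hypothetical helper, not IOS code: it reproduces the top-down, first-match
semantics so the policy can be checked offline against every host pair."""
import ipaddress
from dataclasses import dataclass
from itertools import permutations
from typing import Optional

# Constructed lab addressing: 200.1.1.x, x = router number (R1..R6 in VLAN 1)
HOSTS = {f"R{n}": f"200.1.1.{n}" for n in range(1, 7)}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'.
    'host X' is the same as 'X 0.0.0.0'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


@dataclass
class Ace:
    """One line of an extended IP ACL (only source/destination are modelled)."""
    action: str          # 'permit' or 'deny'
    src: str
    src_wc: str
    dst: str
    dst_wc: str

    def covers(self, src: str, dst: str) -> bool:
        return (wildcard_match(src, self.src, self.src_wc)
                and wildcard_match(dst, self.dst, self.dst_wc))


@dataclass
class MapSeq:
    """One sequence of a vlan access-map. No match clause = matches all traffic.
    IOS default action is 'forward' when none is configured."""
    seq: int
    match_acl: Optional[list]
    action: str = "forward"


def acl_selects(acl: list, src: str, dst: str) -> bool:
    """Inside a VACL the ACL only *selects* traffic: a 'permit' hit means
    'this packet belongs to the map entry'; a 'deny' hit or the implicit
    deny at the end of the ACL means 'not this entry, keep going'."""
    for ace in acl:
        if ace.covers(src, dst):
            return ace.action == "permit"
    return False


def vacl_decision(access_map: list, src: str, dst: str) -> str:
    """Top-down, first match. A packet matching no sequence at all is dropped,
    which is why the lab needs the catch-all sequence 20."""
    for entry in sorted(access_map, key=lambda e: e.seq):
        if entry.match_acl is None or acl_selects(entry.match_acl, src, dst):
            return entry.action
    return "drop"


# The lab policy, with the explicit 'action drop' the goal requires.
BLOCK_FIRST_THREE = [Ace("permit", "200.1.1.0", "0.0.0.3", "200.1.1.4", "0.0.0.0")]
DROP_1234 = [
    MapSeq(10, BLOCK_FIRST_THREE, "drop"),   # R1-R3 -> R4 dropped
    MapSeq(20, None),                        # everything else forwarded
]


def reachability(access_map: list) -> dict:
    """Decision for every ordered (source, destination) router pair."""
    return {(s, d): vacl_decision(access_map, HOSTS[s], HOSTS[d])
            for s, d in permutations(HOSTS, 2)}


def blocked_pairs(access_map: list) -> set:
    """Only the (source, destination) pairs the map drops."""
    return {pair for pair, verdict in reachability(access_map).items()
            if verdict == "drop"}


if __name__ == "__main__":
    for pair, verdict in sorted(reachability(DROP_1234).items()):
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
    # Same map without the catch-all: everything not in the ACL is dropped too.
    print("without seq 20:", len(blocked_pairs(DROP_1234[:1])), "of 30 pairs dropped")
```

Running it prints the verdict for all 30 ordered pairs: only R1, R2 and R3 towards R4 are dropped, the replies from R4 and all other pairs are forwarded. Dropping sequence 20 from the list makes every pair drop, and leaving out the action on sequence 10 (as in a map typed without it) forwards everything, which are the two mistakes worth catching before the vlan filter command is applied.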
Also published on Medium.