Cisco CCNA CCNP VACL



Now I will do a small lab.

In this lab I have 6 hosts connected to a switch, with IP addresses
200.1.1.x, where x = router number.

I will go to my multilayer switch and configure a VACL (VLAN access list).

My hosts here act as routers:

R1=200.1.1.1
R2=200.1.1.2
R3=200.1.1.3
R4=200.1.1.4
R5=200.1.1.5
R6=200.1.1.6

At the beginning, since all routers are in the same subnet, they can ping each other.

But the goal is that R1, R2 and R3 will not be able to ping R4
in the same VLAN.

This concept is the same as a route-map, which will be covered later on.
Here is what it will look like when I finish. The switch reads the access map from top to bottom, and as we can see, a VLAN access-map sequence can have no match clause (it then matches all other traffic).

Here is the final result on the switch (which I will configure):

! 10 = sequence number
vlan access-map DROP_1234 10
 action drop
 match ip address BLOCK_FIRST_THREE
! 20 = sequence number
vlan access-map DROP_1234 20
 action forward
!
! here we apply it to the VLAN
vlan filter DROP_1234 vlan-list 1

! here I have my goal
! format: permit ip <source> <destination>
ip access-list extended BLOCK_FIRST_THREE
 permit ip 200.1.1.0 0.0.0.3 host 200.1.1.4
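
To see which packets the configuration above drops, here is a small Python model of the top-to-bottom access-map evaluation. It is an added example, not part of the original lab and not Cisco code; the function names and data layout are assumptions made for illustration, and only the map, ACL and addresses come from the lab.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard compare: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Model of: ip access-list extended BLOCK_FIRST_THREE
# Entry layout (assumed): (action, src, src wildcard, dst, dst wildcard)
ACLS = {
    "BLOCK_FIRST_THREE": [
        ("permit", "200.1.1.0", "0.0.0.3", "200.1.1.4", "0.0.0.0"),
    ],
}

# Model of: vlan access-map DROP_1234 -> (sequence, ACL name or None, action)
ACCESS_MAP = [
    (10, "BLOCK_FIRST_THREE", "drop"),
    (20, None, "forward"),  # no match clause: matches all other traffic
]

def acl_permits(name, src, dst):
    """In a VACL, an ACL 'permit' means 'this packet matches the sequence'."""
    for action, s, sw, d, dw in ACLS[name]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False  # implicit deny: packet does not match this sequence

def vacl_decision(src, dst):
    """Walk the access map top to bottom; the first matching sequence wins."""
    for seq, acl, action in sorted(ACCESS_MAP, key=lambda e: e[0]):
        if acl is None or acl_permits(acl, src, dst):
            return action, seq
    return "drop", None  # not reached here: sequence 20 matches everything

if __name__ == "__main__":
    r4 = "200.1.1.4"
    for n in (1, 2, 3, 5, 6):
        host = f"200.1.1.{n}"
        print(f"R{n} -> R4: {vacl_decision(host, r4)}   "
              f"R4 -> R{n}: {vacl_decision(r4, host)}")
```

Only the R1-R3 to R4 direction hits sequence 10, so a ping started on R4 towards R1 also fails, because the echo reply from R1 to R4 is what gets dropped. The wildcard 0.0.0.3 also covers 200.1.1.0, not just .1 to .3.
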

Step 1) Define your interesting traffic

Sw1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip acc
Sw1(config)#ip acce
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging

 
