Cisco CCNA/CCNP VACL Configuration
Now I will do small Lab:
In This Lab I have 6 host connected to a Switch, with Ip address
as follow 200.1.1.x where x=Router number,
I will go to my multi-layer switch and configure VACL=VLAN Access-list
My host in here act as router:
R1=200.1.1.1
R2=200.1.1.2
R3=200.1.1.3
R4=200.1.1.4
R5=200.1.1.5
R6=200.1.1.6
At the beginning since all router are in same subnets they can ping each other:
But
Goal is that the R1, R2,R3, will not be able to ping R4
in same VlAN,
This concept is same as Route-map that will be covered later on,
Here is what it will look like when I finish; it will read it from top to bottom as we see I can have VLAN-access map with no match ( it means all other traffic)
Here is the Final Result on the Switch (That I will configure it)
vlan access-map DROP_1234 10 ( 10=sequence number)
action drop
match ip address BLOCK_FIRST_THREE
vlan access-map DROP_1234 20 (20=seqence number)
action forward
!
vlan filter DROP_1234 vlan-list 1 (here we apply to the VLAN)
ip access-list extended BLOCK_FIRST_THREE ( here i have my goal)
permit ip 200.1.1.0 0.0.0.3 host 200.1.1.4
source destination
Step 1) Define your interesting traffic
Sw1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip acc
Sw1(config)#ip acce
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging
Receive our Cisco CCNA Packet Tracer!
Get our complete tutorial in PDF
[bs_icon name=”glyphicon glyphicon-expand”] Watch the video and you will be able to understand VACL Configuration much better and Please subscribe to our YouTube Channel.
Want more information on how to become Cisco CCNA Certified? Learn more!
Join our Cisco CCNA facebook study group!
Also published on Medium.