Cisco CCNA/CCNP VACL Configuration



Now I will do a small lab.

In this lab I have 6 hosts connected to a switch, with IP addresses 200.1.1.x, where x = router number.

I will go to my multilayer switch and configure a VACL (VLAN access list).

My hosts here act as routers:

R1=200.1.1.1
R2=200.1.1.2
R3=200.1.1.3
R4=200.1.1.4
R5=200.1.1.5
R6=200.1.1.6

At the beginning, since all routers are in the same subnet, they can ping each other.

The goal is that R1, R2 and R3 will not be able to ping R4 in the same VLAN.

This concept is the same as a route-map, which will be covered later on. Here is what it will look like when I finish. The switch reads the access map from top to bottom, and as we see, I can have a VLAN access-map entry with no match clause (it means all other traffic).

Here is the final result on the switch (which I will configure):

! 10 = sequence number
vlan access-map DROP_1234 10
 action drop
 match ip address BLOCK_FIRST_THREE
! 20 = sequence number
vlan access-map DROP_1234 20
 action forward
!
! Here we apply the access map to the VLAN
vlan filter DROP_1234 vlan-list 1
!
! Here I have my goal: source is 200.1.1.0 0.0.0.3, destination is host 200.1.1.4
ip access-list extended BLOCK_FIRST_THREE
 permit ip 200.1.1.0 0.0.0.3 host 200.1.1.4
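
The top-to-bottom evaluation of the access map above can be traced with a small model. This is an added example, not part of the original lab: the function names are hypothetical and it models only source/destination IP matching. It also shows that replies from R1-R3 to a ping started by R4 hit sequence 10, so the ping fails in both directions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL from the page: permit ip 200.1.1.0 0.0.0.3 host 200.1.1.4
# Each entry: (source base, source wildcard, destination base, destination wildcard)
BLOCK_FIRST_THREE = [("200.1.1.0", "0.0.0.3", "200.1.1.4", "0.0.0.0")]

# Access map from the page: (sequence, ACL or None when there is no match clause, action)
DROP_1234 = [(10, BLOCK_FIRST_THREE, "drop"), (20, None, "forward")]

def acl_permits(acl, src, dst):
    """In a VACL, an ACL 'permit' only selects traffic; the map's action decides its fate."""
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in acl)

def vacl_action(access_map, src, dst):
    """Return (sequence, action) of the first clause that matches the packet."""
    for seq, acl, action in sorted(access_map, key=lambda c: c[0]):
        if acl is None or acl_permits(acl, src, dst):
            return seq, action
    return None, "drop"  # no clause matched: treated as an implicit drop in this model

def ping_works(access_map, a, b):
    """A ping needs both the echo request (a->b) and the echo reply (b->a) forwarded."""
    return (vacl_action(access_map, a, b)[1] == "forward"
            and vacl_action(access_map, b, a)[1] == "forward")

if __name__ == "__main__":
    r4 = "200.1.1.4"
    for n in (1, 2, 3, 5, 6):
        host = f"200.1.1.{n}"
        print(f"R{n}->R4 {vacl_action(DROP_1234, host, r4)}  "
              f"R4->R{n} {vacl_action(DROP_1234, r4, host)}  "
              f"R4 can ping R{n}: {ping_works(DROP_1234, r4, host)}")
```
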

Step 1) Define your interesting traffic

Sw1#config t
Enter configuration commands, one per line. End with CNTL/Z.
Sw1(config)#ip acc
Sw1(config)#ip acce
Sw1(config)#ip access-list ?
extended Extended Access List
log-update Control access list log updates
logging Control access list logging

 
