Specifications

CHAPTER 7
Campus Network Security
VACLs
Cisco switches support various kinds of ACLs:
- Traditional Router ACL (RACL)
- QoS ACL
- VACL
VLAN access control lists (VACL) are similar to route-maps because they are composed of statements that contain match
and set conditions. In a VACL, the “set” conditions are called “actions.” Actions include forward, drop, and redirect.
Like route-maps, VACL statements are numbered for ordering. After configuration, VACLs are applied to traffic in the
specified VLANs.
The following is a sample VACL that instructs the switch to drop traffic matching ACL 101 (not shown) and forward all
other traffic:
Switch(config)# vlan access-map Drop101 10
Switch(config-access-map)# match ip address 101
Switch(config-access-map)# action drop
!
Switch(config-access-map)# vlan access-map Drop101 20
Switch(config-access-map)# action forward
!
Switch(config)# vlan filter Drop101 vlan-list 10
To view VACL settings, use the commands show vlan access-map vacl_name or show vlan filter access-map
vacl_name.
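The following Python model is an added example, not part of the original text or of Cisco software. It walks the Drop101 statements in sequence order to show why statement 20 is needed and how permit and deny entries inside the matched ACL behave. The contents of ACL 101, the addresses, and the helper names are constructed, and the model assumes the usual Catalyst VLAN-map behavior: a permit entry in the ACL means "matched," a deny entry means "not matched by this statement," and IP traffic that matches no statement is dropped.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ace:                      # one simplified ACL entry (IP source/destination only)
    permit: bool
    src: str
    dst: str

@dataclass
class Statement:                # one numbered "vlan access-map" statement
    seq: int
    action: str                 # "forward" or "drop"
    acl: Optional[list] = None  # None models a statement with no match clause

def acl_matches(acl, src, dst):
    """The first ACE that hits decides: permit means 'matched', deny means 'not matched'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ipaddress.ip_network(ace.src) and d in ipaddress.ip_network(ace.dst):
            return ace.permit
    return False                # implicit deny at the end of the ACL

def evaluate(vacl, src, dst):
    """Walk statements in sequence order; the first matching statement's action applies."""
    for st in sorted(vacl, key=lambda st: st.seq):
        if st.acl is None or acl_matches(st.acl, src, dst):
            return st.action
    return "drop"               # assumed platform default when no statement matches

# Constructed stand-in for ACL 101 (the page does not show its contents).
ACL_101 = [
    Ace(False, "10.1.10.10/32", "10.1.10.200/32"),  # deny: exempts this host from seq 10
    Ace(True, "10.1.10.0/25", "10.1.10.200/32"),    # permit: selects traffic for seq 10
]
DROP101 = [Statement(10, "drop", ACL_101), Statement(20, "forward")]
DROP101_WITHOUT_20 = [Statement(10, "drop", ACL_101)]

if __name__ == "__main__":
    for src in ("10.1.10.5", "10.1.10.10", "10.1.10.130"):
        print(src, evaluate(DROP101, src, "10.1.10.200"),
              evaluate(DROP101_WITHOUT_20, src, "10.1.10.200"))
```

In this model, removing statement 20 turns the VACL into a block on all IP traffic in the VLAN, which is the outage to check for before applying vlan filter.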
© 2010 Pearson Education, Inc. All rights reserved. This publication is protected by copyright. Please see page 112 for more details.
CCNP SWITCH 642-813 Quick Reference by Denise Donohue