wiki.lkaplan.cz

====== VLAN Access Lists ======
VACL = Vlan Access Control List, Catalyst sw. dokáží pomocí VACL filtrovat provoz v rámci VLANy\\
Na rozdíl od klasického ACL se neaplikuje na interface, ale na VLANu jako celek

  * Switch(config)# **vlan access-map** //map-name [sequence-number]//
  * Switch(config-access-map)# **match ip address** //{acl-number | acl-name}//
  * Switch(config-access-map)# **match ipx address** //{acl-number | acl-name}//
  * Switch(config-access-map)# **match mac address** //acl-name//
  * Switch(config-access-map)# **action {drop | forward [capture] | redirect** //type mod/num//**}**
  * Switch(config)# **vlan filter** //map-name// **vlan-list** //vlan-list//

Příklad, host 192.168.99.17 nesmí kontaktovat nikoho v jeho subnetu a ve VLAN99:
<code>
Switch(config)# ip access-list extended local-17
Switch(config-acl)# permit ip host 192.168.99.17 192.168.99.0 0.0.0.255
Switch(config-acl)# exit
Switch(config)# vlan access-map block-17 10
Switch(config-access-map)# match ip address local-17
Switch(config-access-map)# action drop
Switch(config-access-map)# vlan access-map block-17 20
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan filter block-17 vlan-list 99
</code>
wiki.lkaplan.cz

User Tools

Site Tools

Page Tools
