35-17
Software Configuration Guide—Release 12.2(25)EW
OL-6696-01
Chapter 35 Configuring Network Security with ACLs
Configuring VLAN Maps
Figure 35-3 Wiring Closet Configuration
For example, if you do not want HTTP traffic to be switched from Host X to Host Y, you could apply a
VLAN map on Switch A to drop all HTTP traffic moving from Host X (IP address 10.1.1.32) to Host Y
(IP address 10.1.1.34) at Switch A and not bridge the traffic to Switch B. To configure this scenario, you
would do the following:
First, define an IP access list http to permit (match) any TCP traffic on the HTTP port, as follows:
Switch(config)# ip access-list extended http
Switch(config-ext-nacl)# permit tcp host 10.1.1.32 host 10.1.1.34 eq www
Switch(config-ext-nacl)# exit
Next, create a VLAN access map named map2 so that traffic that matches the http access list is dropped
and all other IP traffic is forwarded, as follows:
Switch(config)# vlan access-map map2 10
Switch(config-access-map)# match ip address http
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# ip access-list extended match_all
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map map2 20
Switch(config-access-map)# match ip address match_all
Switch(config-access-map)# action forward
Then, apply the VLAN access map named map2 to VLAN 1, as follows:
Switch(config)# vlan filter map2 vlan 1
Catalyst 4500 series switch
Switch A Switch C
Switch B
To Next Page
Loading...
Need help?
General
