51-21
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 51 Configuring Network Security with ACLs
Configuring VLAN Maps
• Drop all other non-IP packets
• Forward all IP packets
Switch(config)# mac access-list extended good-hosts
Switch(config-ext-macl)# permit host 000.0c00.0111 any
Switch(config-ext-macl)# permit host 000.0c00.0211 any
Switch(config-ext-nacl)# exit
Switch(config)# mac access-list extended good-protocols
Switch(config-ext-macl)# permit any any protocol-family decnet
Switch(config-ext-macl)# permit any any protocol-family vines
Switch(config-ext-nacl)# exit
Switch(config)# vlan access-map drop-mac-default 10
Switch(config-access-map)# match mac address good-hosts
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan access-map drop-mac-default 20
Switch(config-access-map)# match mac address good-protocols
Switch(config-access-map)# action forward
Example 4
In this example, the VLAN map is configured to drop all packets (IP and non-IP). By applying access
lists tcp-match and good-hosts, the VLAN map is configured to do the following:
• Forward all TCP packets
• Forward MAC packets from hosts 0000.0c00.0111 and 0000.0c00.0211
• Drop all other IP packets
• Drop all other MAC packets
Switch(config)# vlan access-map drop-all-default 10
Switch(config-access-map)# match ip address tcp-match
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan access-map drop-all-default 20
Switch(config-access-map)# match mac address good-hosts
Switch(config-access-map)# action forward
Applying a VLAN Map to a VLAN
To apply a VLAN map to one or more VLANs, perform this task:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# vlan filter mapname
vlan-list list
Applies the VLAN map to one or more VLAN IDs.
The list can be a single VLAN ID (22), a consecutive list (10-22), or
a string of VLAN IDs (12, 22, 30). Spaces around comma, and dash,
are optional.
Step 3
Switch(config)# show running-config
Displays the access list configuration.
Step 4
Switch(config)# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
To Next Page
Loading...
