54-25
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 54 Configuring Network Security with ACLs
Displaying VLAN Access Map Information
Step 2 Define a VLAN map using the ACL to drop IP packets that match SERVER1_ACL and forward IP
packets that do not match the ACL.
Switch(config)# vlan access-map SERVER1_MAP
Switch(config-access-map)# match ip address SERVER1_ACL
Switch(config-access-map)# action drop
Switch(config)# vlan access-map SERVER1_MAP 20
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Step 3 Apply the VLAN map to VLAN 10.
Switch(config)# vlan filter SERVER1_MAP vlan-list 10.
Displaying VLAN Access Map Information
To display information about VLAN access maps or VLAN filters, perform one of these commands:
it is a sample output of the show vlan access-map command:
Switch# show vlan access-map
Vlan access-map "map_1" 10
Match clauses:
ip address: ip1
Action:
drop
Vlan access-map "map_1" 20
Match clauses:
mac address: mac1
Action:
forward
Vlan access-map "map_1" 30
Match clauses:
Action:
drop
Note Sequence 30 does not have a match clause. All packets (IP as well as non-IP) are matched against it and
dropped.
it is a sample output of the show vlan filter command:
Switch# show vlan filter
VLAN Map map_1 is filtering VLANs:
20-22
Command Purpose
Switch# show vlan access-map [mapname]
Shows information about all VLAN access maps or the
specified access map.
Switch# show vlan filter [access-map name |
vlan vlan-id]
Shows information about all VLAN filters or about a
specified VLAN or VLAN access map.
To Next Page
Loading...
