178 Cisco LAN Switching Configuration Handbook
2. Create a VLAN map.
If the list you create is going to be mapped to a VLAN, you must configure a vlan
access-map to specify an access map name and the action to be taken for a specific
matched entry, as follows:
(global) vlan access-map name [number]
(vlan-map) match ip address {aclname | aclnumber}
(vlan-map) action {drop | forward}
An access map is a list of map clauses that specify what action is to be taken for
packets on the VLAN. When creating the access map, it is given a name, and then
subsequent clauses are given numbers. Each clause is checked to find a match for the
packets, and then the action specified for that clause is taken. If no clauses are
found, the packets are dropped. To create an access map, use the vlan access-map
command followed by a name. The number option is used for subsequent clauses in
the access map.
After you enter a map name, you are placed in access map configuration mode,
where you can specify an ACL name or number to identify the traffic to be acted
upon for a clause. For ACLs that are included in this access map, a permit statement
in the ACL is a match, and a deny is not a match for the given clause. After a match
is identified by an ACL, the action command specifies whether to drop or permit the
traffic. If none of the clauses match a given frame, the frame is dropped.
3. Apply the access lists.
After you create an access list, you need to apply the list to the VLAN:
(global) vlan filter mapname vlan-list list
To apply an access map to a VLAN for the IOS switches that support VACLs, use
the vlan filter command. The mapname option specifies the name of the map creat-
ed in Step 2. The vlan-list parameter is followed by a VLAN number or a list of
VLAN numbers to which the ACL will be applied.
Verification
To verify configuration of IOS VACLs, use the following commands:
(privileged) show ip access-lists [number | name]
(privileged) show vlan access-map [mapname]
(privileged) show vlan filter [access-map name | vlan vlan-id]
(privileged) show ip interface type number
Feature Example
This example shows the configuration for VACL filtering. In the list configured on this
switch, you want to meet the following conditions:
To Next Page
Loading...
Need help?
General
