+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
Switch(config)# ip access-list extended vacl_a
Switch(config-ip-ext-nacl-vacl_a)# permit ip any-source 192.168.0.0 0.0.0.255 time-range t1
Switch(config-ip-ext-nacl-vacl_a)# deny ip any-source any-destination time-range t1
3) Configure the extended acl_b of IP, at any time it only allows to access resource within the
internal network (such as 192.168.1.255).
Switch(config)#ip access-list extended vacl_b
Switch(config-ip-ext-nacl-vacl_a)# permit ip any-source 192.168.1.0 0.0.0.255
Switch(config-ip-ext-nacl-vacl_a)# deny ip any-source any-destination
4) Apply the configuration to VLAN
Switch(config)#firewall enable
Switch(config)#vacl ip access-group vacl_a in vlan 1
Switch(config)#vacl ip access-group vacl_b in vlan 2
49.4 VLAN-ACL Troubleshooting
When VLAN ACL and Port ACL are configured at the same time, the principle of denying firstly
is used. When the packets match VLAN ACL and Port ACL at the same time, as long as one
rule is drop, then the final action is drop.
Each ACL of different types can only apply one on a VLAN, such as the basic IP ACL, each
VLAN can applies one only.
To Next Page
Loading...
Need help?
General
