Cisco VACL

Blueprint

  • CCIE R&S
    • Written v5.1
      • 5.0 Infrastructure Security
        • 5.2 Network security
          • 5.2.a [i] VACL, PACL
    • Lab v5.0
      • 5.0 Infrastructure Security
        • 5.2 Network security
          • 4.2.a [i] VACL, PACL

Physical Lab

Base Configuration

  • SW1
configure terminal
!
vtp mode transparent
!
vlan 128-130
exit
!
ip routing
!
spanning-tree portfast default
!
interface Vlan 128
 ip address 10.0.128.1 255.255.255.0
 no shutdown
exit
interface Vlan 129
 ip address 10.0.129.1 255.255.255.0
 no shutdown
exit
interface Vlan 130
 ip address 10.0.130.1 255.255.255.0
 no shutdown
exit
interface FastEthernet 1/0/1
 switchport mode access
 switchport access vlan 128
exit
interface FastEthernet 1/0/2
 switchport mode access
 switchport access vlan 130
exit
interface FastEthernet 1/0/4
 switchport mode access
 switchport access vlan 129
exit
interface FastEthernet 1/0/5
 switchport mode access
 switchport access vlan 128
exit
!
end
  • R1
configure terminal
!
interface FastEthernet 0/0
 ip address 10.0.128.101 255.255.255.0
 no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.128.1
!
line vty 0 15
 privilege level 15
 password kotone
 login
exit
!
end
  • R2
configure terminal
!
interface FastEthernet 0/0
 ip address 10.0.130.102 255.255.255.0
 no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 10.0.130.1
!
line vty 0 15
 privilege level 15
 password kotone
 login
exit
!
end

VACL Configuration

  • SW1
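configure terminal
!
! IP ACL 101: selects IP traffic sourced from 10.0.129.0/24 (the VLAN 129 subnet)
access-list 101 permit ip 10.0.129.0 0.0.0.255 any
!
! MAC ACL DBSV: selects frames with source MAC 001b.2a77.66d2
mac access-list extended DBSV
 permit host 001b.2a77.66d2 any
exit
!
! Sequence 10: drop traffic permitted (matched) by ACL 101
vlan access-map V-MAP 10
 match ip address 101
 action drop
exit
! Sequence 20: drop frames permitted (matched) by MAC ACL DBSV
vlan access-map V-MAP 20
 match mac address DBSV
 action drop
exit
! Sequence 30: no match clause, so all remaining traffic is forwarded
vlan access-map V-MAP 30
 action forward
exit
!
! Apply the VLAN access map to VLAN 128
vlan filter V-MAP vlan-list 128
!
end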
vlan filter V-MAP vlan-list 128, 130

Verification

SW1 Console Log

References

tech/network/cisco/acl/vacl/vacl.txt · Last modified: 2019/09/07 15:32 by wnoguchi