© 2003, Cisco Systems, Inc. All rights reserved. VLAN Maps.

Presentation transcript:

Slide 1: VLAN Maps

Slide 2: The steps involved in implementing VLAN access lists (VACLs):
1. Define the VLAN access map. To define a VLAN access map, use the command:
   Switch(config)# vlan access-map map-name [sequence-number]
2. Define the traffic to be filtered by referencing an IP or MAC ACL:
   Switch(config-access-map)# match {ip address {acl-number | acl-name} | mac address acl-name}
3. Define the action to be performed on the matched traffic:
   Switch(config-access-map)# action {drop | forward [capture] | redirect interface-type slot/port}
4. Apply the VACL to one or more VLANs (not to an SVI; the filter sees every packet switched in the VLAN, including host-to-host traffic that never reaches a router). Use the global configuration command:
   Switch(config)# vlan filter map-name vlan-list list

Slide 3: Scenario
Build and configure the network:
- Create VLAN 100 on the switch.
- Client pool of addresses.
- Allow Accounting Supervisors (hosts /24) to reach the Accounting Server ( ).
- Block all other clients in the designated pool from reaching the server.
- Allow ALL other clients outside of the designated pool to reach the server.
[Topology diagram: two /24 subnets, switch ports Fa0/3 and Fa0/1]

Slide 4: VLAN Map Configuration Steps
1. Create named extended ACLs to identify source traffic:
   - an 'allow' address range
   - a 'block' address range
   - the 'default' address range (all other traffic)
   Identify traffic from specific to general.
2. Create the VLAN map using numbered compound statements. The numbered statements are evaluated in ascending order, and the first statement whose ACL permits the packet decides the action (action forward, action drop). A packet that matches no statement is dropped, so the 'default' entry with action forward is what keeps all other traffic flowing. Note that a deny entry in a referenced ACL does not drop traffic; it only means "no match" for that statement.
3. Apply the VLAN map using a VLAN filter: identify the VLAN map name and the corresponding VLAN to be filtered.

Slides 5-7: Create named extended ACLs
Use specific information for authorized traffic: Allow, Block, Default.

Allow:
Switch(config)#ip access-list extended AllowAcctTraffic
Switch(config-ext-nacl)#permit tcp host eq www

Block:
Switch(config)#ip access-list extended BlockAcctTraffic
Switch(config-ext-nacl)#permit tcp host eq www

Default:
Switch(config)#ip access-list extended DefaultAcctTraffic
Switch(config-ext-nacl)#permit ip any any

Slides 8-10: Create VLAN Access Map
Switch(config)# vlan access-map AcctTrafficMap 10
Switch(config-access-map)# match ip address AllowAcctTraffic
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan access-map AcctTrafficMap 20
Switch(config-access-map)# match ip address BlockAcctTraffic
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# vlan access-map AcctTrafficMap 30
Switch(config-access-map)# match ip address DefaultAcctTraffic
Switch(config-access-map)# action forward
Switch(config-access-map)# end

Slide 11: Create VLAN Filter and Apply to the Correct VLAN
Switch(config)# vlan filter AcctTrafficMap vlan-list 100
To verify: show vlan filter

Slide 12: Corresponding parts: Allow named ACL and VLAN map
Allow:
Switch(config)#ip access-list extended AllowAcctTraffic
Switch(config-ext-nacl)#permit tcp host eq
...
Switch(config)# vlan access-map AcctTrafficMap 10
Switch(config-access-map)# match ip address AllowAcctTraffic
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
...
Switch(config)# vlan filter AcctTrafficMap vlan-list 100

Slide 13: Corresponding parts: Block named ACL and VLAN map
Block:
Switch(config)#ip access-list extended BlockAcctTraffic
Switch(config-ext-nacl)#permit tcp host eq
...
Switch(config)# vlan access-map AcctTrafficMap 20
Switch(config-access-map)# match ip address BlockAcctTraffic
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
...
Switch(config)# vlan filter AcctTrafficMap vlan-list 100

Slide 14: Corresponding parts: Default named ACL and VLAN map
Default:
Switch(config)#ip access-list extended DefaultAcctTraffic
Switch(config-ext-nacl)#permit ip any any
...
Switch(config)# vlan access-map AcctTrafficMap 30
Switch(config-access-map)# match ip address DefaultAcctTraffic
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
...
Switch(config)# vlan filter AcctTrafficMap vlan-list 100

Slide 15: Verify Configuration and Test Connectivity
To verify the configuration, use show vlan access-map (and show vlan filter to confirm the map is applied to VLAN 100).
To test allowed or blocked connectivity, add clients with the appropriate IP addresses or use extended ping commands. Note that the Block ACL matches only tcp eq www: an ICMP ping from a blocked client falls through to the default entry and is forwarded, so a successful ping does not show that the block is missing. Test with an HTTP connection to the server's web port.
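The evaluation order the slides rely on (ascending sequence numbers, first permitting ACL wins, implicit drop when nothing matches, a deny ACE meaning "no match" rather than "drop") can be checked offline with the model below. This is an added example, not code from the slides or from Cisco; the supervisor, pool and server addresses (10.1.100.10, 10.1.100.11, 10.1.100.0/24, 10.1.200.10) are hypothetical stand-ins because the slides' own addresses did not survive, and the sample packets are constructed. It also shows two things the slides only imply: what happens when the default entry (sequence 30) is left out, and why writing the block ACL with deny instead of permit silently disables the block.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional

# Hypothetical addresses standing in for the ones on the slides.
SERVER = "10.1.200.10"                         # Accounting Server
SUPERVISORS = ("10.1.100.10", "10.1.100.11")   # Accounting Supervisors (allowed)
POOL = IPv4Network("10.1.100.0/24")            # designated client pool (blocked)
ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"          # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class ACE:
    """One entry of a named extended IP ACL."""
    permit: bool
    proto: str                  # "ip" matches every protocol
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and IPv4Address(p.src) in self.src
                and IPv4Address(p.dst) in self.dst
                and (self.dport is None or self.dport == p.dport))


def acl_permits(acl: List[ACE], p: Packet) -> bool:
    """IOS ACL semantics: the first matching ACE decides; no match means deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.permit
    return False


@dataclass(frozen=True)
class Clause:
    seq: int        # 10, 20, 30 ...
    acl: str        # name given to 'match ip address'
    action: str     # "forward" or "drop"


def vacl_action(clauses: List[Clause], acls: Dict[str, List[ACE]], p: Packet) -> str:
    """VLAN access-map semantics: clauses are tried in ascending sequence; a clause
    matches only when its ACL permits the packet; no matching clause means drop."""
    for c in sorted(clauses, key=lambda c: c.seq):
        if acl_permits(acls[c.acl], p):
            return c.action
    return "drop"   # implicit deny at the end of every VLAN map


def host(a: str) -> IPv4Network:
    return IPv4Network(a + "/32")


# The three named ACLs from the slides, with the assumed addresses filled in.
ACLS: Dict[str, List[ACE]] = {
    "AllowAcctTraffic":   [ACE(True, "tcp", host(s), host(SERVER), 80) for s in SUPERVISORS],
    "BlockAcctTraffic":   [ACE(True, "tcp", POOL, host(SERVER), 80)],
    "DefaultAcctTraffic": [ACE(True, "ip", ANY, ANY)],
}

# vlan access-map AcctTrafficMap 10 / 20 / 30, as on the slides
ACCT_MAP = [Clause(10, "AllowAcctTraffic", "forward"),
            Clause(20, "BlockAcctTraffic", "drop"),
            Clause(30, "DefaultAcctTraffic", "forward")]

# The same map with sequence 30 left out: every unmatched packet hits the implicit drop.
MAP_WITHOUT_DEFAULT = ACCT_MAP[:2]

# A tempting but wrong variant: a 'deny' ACE in the block ACL. Inside a VLAN map a deny
# means "this clause does not match", so blocked clients fall through to sequence 30.
ACLS_WRONG_BLOCK = dict(ACLS, BlockAcctTraffic=[ACE(False, "tcp", POOL, host(SERVER), 80)])


def decide(p: Packet, clauses=ACCT_MAP, acls=ACLS) -> str:
    return vacl_action(clauses, acls, p)


if __name__ == "__main__":
    samples = [                                      # constructed test packets
        Packet("10.1.100.10", SERVER, "tcp", 80),    # supervisor -> server web
        Packet("10.1.100.50", SERVER, "tcp", 80),    # other pool client -> server web
        Packet("10.1.50.5", SERVER, "tcp", 80),      # client outside the pool
        Packet("10.1.100.50", SERVER, "icmp"),       # ping from a blocked client
        Packet("10.1.100.50", "10.1.100.60", "tcp", 445),  # intra-VLAN, never routed
    ]
    for p in samples:
        print(f"{p.src:>12} -> {p.dst}:{p.dport} {p.proto:<4} "
              f"map={decide(p)}  no-default={decide(p, MAP_WITHOUT_DEFAULT)}  "
              f"deny-ace={decide(p, ACCT_MAP, ACLS_WRONG_BLOCK)}")
```

Running it shows the pool client's ping being forwarded by sequence 30 while its web request is dropped, the intra-VLAN file-share packet being dropped as soon as the default entry is removed, and the deny-ACE variant forwarding exactly the traffic it was meant to block.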