VLAN Maps
© 2003, Cisco Systems, Inc. All rights reserved.

Presentation transcript:

Slide 1: VLAN Maps

Slide 2: The steps involved in implementing VLAN access lists

1. Define the VLAN access map. To define a VLAN access map use the command:
   Switch(config)# vlan access-map map-name [sequence]
2. Define the match clause, which names the ACL that identifies the traffic to be filtered. Use the command:
   Switch(config-access-map)# match {ip address {acl-number | acl-name}} | {mac address acl-name}
3. Define the action to be performed on the matched traffic. Use the command:
   Switch(config-access-map)# action {drop | forward [capture] | redirect interface-type slot/port}
4. Apply the VACL to one or more VLANs. Use the global configuration command:
   Switch(config)# vlan filter map-name vlan-list list

Slide 3: Scenario

Build and configure the network:
- Create VLAN 100 on the switch.
- Client pool of addresses: 192.168.100.1-192.168.100.254
- Allow Accounting Supervisors (hosts 192.168.100.9-15/24) to reach the Accounting Server (192.168.100.254).
- Block all other clients in the designated pool from reaching the server.
- Allow all other clients outside of the designated pool to reach the server.

(Diagram: hosts 192.168.100.9/24 and 192.168.100.254/24 attached to switch ports Fa0/3 and Fa0/1.)

Slide 4: VLAN Map Configuration Steps

1. Create named extended ACLs to identify source traffic:
   - an 'allow' address range
   - a 'block' address range
   - the 'default' address range (all other traffic)
   Identify traffic from specific to general.
2. Create the VLAN map using numbered compound statements. The numbered statements are evaluated in ascending order and the first statement whose ACL matches decides the outcome; each statement identifies the action for its address range (action forward, action drop).
3. Apply the VLAN map using a VLAN filter. Identify the VLAN map name and the corresponding VLAN to be filtered.

Slides 5-7: Create named extended ACLs

Use specific information for authorized traffic. Allow, then Block, then Default:

  Switch(config)#ip access-list extended AllowAcctTraffic
  Switch(config-ext-nacl)#permit tcp 192.168.100.8 0.0.0.7 host 192.168.100.254 eq www

  Switch(config)#ip access-list extended BlockAcctTraffic
  Switch(config-ext-nacl)#permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.254 eq www

  Switch(config)#ip access-list extended DefaultAcctTraffic
  Switch(config-ext-nacl)#permit ip any any

Note that "permit" in these ACLs does not by itself allow anything. When an ACL is referenced from a VLAN map, a permit entry means "this traffic matches the clause"; the clause's action (forward or drop) decides what happens to it. Check the ranges before applying: 192.168.100.8 0.0.0.7 covers 192.168.100.8 through .15, one host more than the .9-.15 supervisor range in the scenario, so list the supervisor hosts individually if .8 must not be treated as a supervisor. Both the Allow and Block ACLs match only TCP port 80 (www) to the server; any other protocol to the server falls through to the default entry.

Slides 8-10: Create VLAN Access Map

  Switch(config)# vlan access-map AcctTrafficMap 10
  Switch(config-access-map)# match ip address AllowAcctTraffic
  Switch(config-access-map)# action forward
  Switch(config-access-map)# exit
  Switch(config)# vlan access-map AcctTrafficMap 20
  Switch(config-access-map)# match ip address BlockAcctTraffic
  Switch(config-access-map)# action drop
  Switch(config-access-map)# exit
  Switch(config)# vlan access-map AcctTrafficMap 30
  Switch(config-access-map)# match ip address DefaultAcctTraffic
  Switch(config-access-map)# action forward
  Switch(config-access-map)# end

Sequences are evaluated in ascending order and the first matching clause wins, so the specific supervisor range (10) must come before the broader /24 block (20). A VLAN map ends with an implicit deny: a packet that matches no clause is dropped, which is why sequence 30 is needed to forward all remaining traffic.

Slide 11: Create VLAN Filter and Apply to the Correct VLAN

  Switch(config)#vlan filter AcctTrafficMap vlan-list 100

To verify: show vlan filter
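Added example, not code from the Cisco slides: a small Python model of how a VLAN map evaluates a packet, built from the three ACLs and the AcctTrafficMap sequences above. It encodes the semantics the configuration depends on: a permit entry in a referenced ACL means "match", sequences are tried in ascending order, the first match decides the action, and a packet that matches no sequence is dropped by the implicit deny. The sample flows (hosts .9, .8, .20 and 10.0.0.5) are constructed for illustration, and the wildcard helper assumes a contiguous wildcard mask, which is all this scenario uses.

```python
"""Added example, not Cisco code: a minimal model of VLAN access-map (VACL) evaluation
for the AcctTrafficMap scenario. Sample flows below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class Ace:
    """One access-list entry, e.g. 'permit tcp 192.168.100.8 0.0.0.7 host 192.168.100.254 eq www'."""
    permit: bool
    proto: str                   # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None means any port; "eq www" is port 80


def wildcard(addr: str, wc: str) -> ipaddress.IPv4Network:
    """Cisco 'address wildcard' notation to a network. Assumes a contiguous wildcard
    (0.0.0.7, 0.0.0.255 ...), which is all this scenario uses."""
    mask = (~int(ipaddress.IPv4Address(wc))) & 0xFFFFFFFF
    return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)


def host(addr: str) -> ipaddress.IPv4Network:
    """The 'host x.x.x.x' keyword: a /32."""
    return ipaddress.IPv4Network(f"{addr}/32")


def ace_hits(ace: Ace, pkt: Packet) -> bool:
    """True when the packet falls inside the entry's protocol, addresses and port."""
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in ace.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in ace.dst:
        return False
    return ace.dport is None or ace.dport == pkt.dport


def acl_matches(acl: List[Ace], pkt: Packet) -> bool:
    """An ACL referenced by a 'match ip address' clause matches only on a permit entry.
    A deny entry, or no entry at all, means 'no match': the map moves to the next sequence."""
    for ace in acl:
        if ace_hits(ace, pkt):
            return ace.permit
    return False


VlanMap = List[Tuple[int, str, str]]  # (sequence, acl name, action)


def vacl_action(vlan_map: VlanMap, acls: Dict[str, List[Ace]], pkt: Packet) -> str:
    """Sequences are tried in ascending order; the first matching clause decides.
    A packet that matches no clause hits the map's implicit deny and is dropped."""
    for _seq, acl_name, action in sorted(vlan_map):
        if acl_matches(acls[acl_name], pkt):
            return action
    return "drop"


# The three named extended ACLs from the slides.
ACLS: Dict[str, List[Ace]] = {
    "AllowAcctTraffic":   [Ace(True, "tcp", wildcard("192.168.100.8", "0.0.0.7"), host("192.168.100.254"), 80)],
    "BlockAcctTraffic":   [Ace(True, "tcp", wildcard("192.168.100.0", "0.0.0.255"), host("192.168.100.254"), 80)],
    "DefaultAcctTraffic": [Ace(True, "ip", ANY, ANY)],
}

# vlan access-map AcctTrafficMap 10 / 20 / 30
ACCT_TRAFFIC_MAP: VlanMap = [
    (10, "AllowAcctTraffic", "forward"),
    (20, "BlockAcctTraffic", "drop"),
    (30, "DefaultAcctTraffic", "forward"),
]


def scenario() -> Dict[str, str]:
    """Action taken for constructed sample flows towards the Accounting Server."""
    server = "192.168.100.254"
    m = ACCT_TRAFFIC_MAP
    return {
        "supervisor_web":    vacl_action(m, ACLS, Packet("192.168.100.9", server, "tcp", 80)),   # seq 10
        "dot8_web":          vacl_action(m, ACLS, Packet("192.168.100.8", server, "tcp", 80)),   # 0.0.0.7 covers .8 too
        "other_client_web":  vacl_action(m, ACLS, Packet("192.168.100.20", server, "tcp", 80)),  # seq 20
        "other_client_ssh":  vacl_action(m, ACLS, Packet("192.168.100.20", server, "tcp", 22)),  # only port 80 is blocked
        "other_client_ping": vacl_action(m, ACLS, Packet("192.168.100.20", server, "icmp")),     # seq 30
        "outside_web":       vacl_action(m, ACLS, Packet("10.0.0.5", server, "tcp", 80)),        # seq 30
        "no_default_ssh":    vacl_action(m[:2], ACLS, Packet("192.168.100.20", server, "tcp", 22)),  # implicit deny
    }


if __name__ == "__main__":
    for name, action in scenario().items():
        print(f"{name:18} {action}")
```

Running it shows the two points that are easy to miss when reading the slides: a blocked client can still reach the server over anything other than TCP port 80, and removing sequence 30 turns the map into "drop everything that is not HTTP from these ranges".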

Slide 12: Corresponding parts, Allow: Named ACL and VLAN Map

  Switch(config)#ip access-list extended AllowAcctTraffic
  Switch(config-ext-nacl)#permit tcp 192.168.100.8 0.0.0.7 host 192.168.100.254 eq www
  .....
  Switch(config)# vlan access-map AcctTrafficMap 10
  Switch(config-access-map)# match ip address AllowAcctTraffic
  Switch(config-access-map)# action forward
  Switch(config-access-map)# exit
  .....
  Switch(config)#vlan filter AcctTrafficMap vlan-list 100

Slide 13: Corresponding parts, Block: Named ACL and VLAN Map

  Switch(config)#ip access-list extended BlockAcctTraffic
  Switch(config-ext-nacl)#permit tcp 192.168.100.0 0.0.0.255 host 192.168.100.254 eq www
  .....
  Switch(config)# vlan access-map AcctTrafficMap 20
  Switch(config-access-map)# match ip address BlockAcctTraffic
  Switch(config-access-map)# action drop
  Switch(config-access-map)# exit
  .....
  Switch(config)#vlan filter AcctTrafficMap vlan-list 100

(The original slide repeated the Allow range 192.168.100.8 0.0.0.7 here; the Block ACL as configured on slides 6 and 7 uses the whole /24, 192.168.100.0 0.0.0.255, and that is what sequence 20 drops.)

Slide 14: Corresponding parts, Default: Named ACL and VLAN Map

  Switch(config)#ip access-list extended DefaultAcctTraffic
  Switch(config-ext-nacl)#permit ip any any
  .....
  Switch(config)# vlan access-map AcctTrafficMap 30
  Switch(config-access-map)# match ip address DefaultAcctTraffic
  Switch(config-access-map)# action forward
  Switch(config-access-map)# exit
  .....
  Switch(config)#vlan filter AcctTrafficMap vlan-list 100

Slide 15: Verify Configuration and Test Connectivity

To verify the configuration, use: show vlan access-map
To test connectivity (and blocked connectivity), add clients with appropriate IP addresses or use extended ping commands.

Caveat: the Allow and Block ACLs match only TCP port 80, so a ping from a blocked client to 192.168.100.254 still succeeds through sequence 30. Test the block with an HTTP request (or a TCP connection to port 80) from a client in the blocked range, and use ping only to confirm that non-HTTP reachability is unaffected.

