CCNP Switch VACL
-
@Ronnie-Wong I have been following, time permitting, all the way up to VACLs. You kind of threw me through a loop on this one. I need something to help better absorb the CLI for VACLs, and how in depth I should know it for 300-115. Do you have additional sources on this, or can I schedule a one-on-one with you to help me absorb VACLs from a CLI perspective?
-
@Matthew-Smallwood,
Do you need help with the commands or the logic? The CCNP expects you to know the commands and when or why you would choose to use something like a VACL:
- when the packet you need to filter isn't routed.
- you can apply them to MAC as well as IP layer traffic.
- you can use them to filter traffic even within a single VLAN.
You need to remember that you configure a match (identify your traffic) and you need to configure an action (drop, forward, redirect, etc.) of what to do with the traffic. Then where to apply the traffic with a VLAN access map statement.
e.g.
Create an access list to permit 10.0.0.0/8. Then allow only that network to forward but all others to be dropped for VLANs 20-30.
! Identify the traffic (a named ACL needs "ip access-list")
Router(config)# ip access-list extended net_10
Router(config-ext-nacl)# permit ip 10.0.0.0 0.255.255.255 any
Router(config-ext-nacl)# exit
! Match the traffic and set the action
Router(config)# vlan access-map BOB 10
Router(config-access-map)# match ip address net_10
Router(config-access-map)# action forward
Router(config-access-map)# exit
! Apply the map to the VLANs
Router(config)# vlan filter BOB vlan-list 20-30
-
@Ronnie-Wong Ronnie, thank you, I appreciate it. I think I got it now. It has been a while, I forgot, and you even mentioned it in the video: the implicit deny rules, and you need to create the action of what you want to do (drop, filter, forward) after you allow the any traffic.
-
Let me know...sometimes I believe I'm clear, when I'm not.
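The match/action logic and the implicit deny discussed in this thread, as an added example that is not part of the original posts: a small Python model of how the access map BOB is evaluated for VLANs 20-30. It assumes the Catalyst default described in Cisco's configuration guides (a frame is dropped by default only when the map has a match clause for its type), matches on source address only, and uses constructed sample frames.

```python
import ipaddress

# Model of the thread's ACL and access map (constructed, not Cisco code).
ACLS = {"net_10": [("permit", ipaddress.ip_network("10.0.0.0/8"))]}

# Access-map entry: (sequence, match type, ACL name, action).
# A match type of None models an entry with no match clause.
BOB = [(10, "ip", "net_10", "forward")]
FILTERED_VLANS = range(20, 31)  # VLANs 20-30 from the stated task


def acl_matches(acl_name, src_ip):
    """First matching ACE decides: permit means 'matched', deny means 'not matched'."""
    addr = ipaddress.ip_address(src_ip)
    for verdict, net in ACLS[acl_name]:
        if addr in net:
            return verdict == "permit"
    return False  # implicit deny at the end of the ACL


def vacl_action(access_map, vlan, frame_type, src_ip=None):
    """Return 'forward' or 'drop' for one frame, whether bridged or routed."""
    if vlan not in FILTERED_VLANS:
        return "forward"  # the map is not applied to this VLAN
    type_seen = False
    for _seq, mtype, acl, action in sorted(access_map, key=lambda e: e[0]):
        if mtype is None:
            return action  # no match clause: entry matches every frame
        if mtype != frame_type:
            continue
        type_seen = True
        if acl_matches(acl, src_ip):
            return action
    # Assumed Catalyst default: implicit drop only for frame types the map
    # has a match clause for; other types are forwarded.
    return "drop" if type_seen else "forward"


if __name__ == "__main__":
    frames = [(20, "ip", "10.1.1.5"), (20, "ip", "192.168.1.5"),
              (20, "mac", None), (50, "ip", "192.168.1.5")]
    for vlan, ftype, src in frames:
        print(vlan, ftype, src, "->", vacl_action(BOB, vlan, ftype, src))
```

Appending a final entry with no match clause and `action forward` changes the default for everything not matched earlier, which is why the order of entries and the last entry matter.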