Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
5
Helpful
3
Replies

Help needed with creating VLAN Map

MiltonConnor
Level 1
Level 1

‎10-24-2020 02:03 AM

Hi all,

 

I need some help w.r.t setting up VLAN maps/ACL.

 

The following scenario is what I need:

Three VLANs - VLAN10, VLAN20, VLAN30

VLAN10 - Should be able to access all packets on VLAN20 and VLAN 30

VLAN20 - Should only be able to access VLAN10

VLAN30 - Should be able to access both VLAN10 and VLAN20

 

I am using a catalyst 2960 switch.

 

Thank you for your consideration.

https://19216811.cam/ https://1921681001.id/
Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-24-2020 03:10 AM

you can start with VLAN ACL from below guide :

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vacl.html

http://www.thepacketwizard.com/blog/2018/09/21/cisco-switch-vlan-acls-vacl/

 

Once you make the basic config if you stuck anywhere post the configuration here so we can help to tweak.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

pmckenzie
Level 3
Level 3

‎10-24-2020 08:28 PM

here are the steps I would carry out for vlan 10.

1. create an access list on your switch (assuming your vlan 10 is 192.168.10.0 network)

access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0. 0.0.0.255

access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.30.0. 0.0.0.255

2. create an access map for VLAN 10 allowed drop others

vlan access-map TO-VLAN-20-30

match ip address 100

allow

This will default to drop for anything else

3. apply VLAN filter

vlan filter 100 vlan-list 10

4. apply to interface(s)

int fa0/1

switchport capture

 

 

 

There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold" Dr Who

paul driver
VIP
VIP

‎10-25-2020 07:17 PM

Hello

switch
ip access-list extended no_vl30
deny ip 30.30.30.0 0.0.0.255 any
permit ip any any

 

int vlan 20
ip access-group no_vl30-10 OUT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents