TCC_2

Core issue

A VLAN Access Control List (VACL) is an Access Control List (ACL) applied to a switch VLAN. The pre-block VACL holds the permit entries that belong at the top of the VACL, and the post-block VACL holds the entries that belong at the bottom of the VACL.

The sensor dynamically creates a VACL and applies it to the VLANs of your choice on the switch. It then includes the VACLs that you have manually created. The pre-block entries come first, followed by the dynamic entries and then the post-block entries.
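
The ordering described above can be checked with a small first-match model. This Python sketch is an added example, not Cisco code or sensor output; the entry tuples, addresses and function names are constructed for illustration, and it models IP entries only, with the implicit deny that ends a VACL.

```python
"""First-match evaluation of a merged VACL: pre-block, dynamic, post-block."""
import ipaddress

def entry(action, src="any", dst="any"):
    # Simplified IP-only entry; "any" matches every address.
    return (action, src, dst)

def _matches(pattern, addr):
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def merge(pre_block, dynamic, post_block):
    # Order from the text: pre-block first, then sensor entries, then post-block.
    return list(pre_block) + list(dynamic) + list(post_block)

def evaluate(vacl, src, dst):
    # The first matching entry decides. A packet that matches nothing is
    # dropped by the implicit deny at the end of the list.
    for action, s, d in vacl:
        if _matches(s, src) and _matches(d, dst):
            return action
    return "deny"

# Constructed sample data (documentation address ranges).
PRE_BLOCK = [entry("permit", "192.0.2.10/32")]   # management host, never blocked
DYNAMIC = [entry("deny", "192.0.2.10/32"),       # sensor block aimed at the mgmt host
           entry("deny", "203.0.113.7/32")]      # sensor block for another source
POST_BLOCK = [entry("permit")]                   # permit ip any any

def demo():
    full = merge(PRE_BLOCK, DYNAMIC, POST_BLOCK)
    no_post = merge(PRE_BLOCK, DYNAMIC, [])
    dst = "198.51.100.1"
    return {
        "mgmt": evaluate(full, "192.0.2.10", dst),
        "blocked": evaluate(full, "203.0.113.7", dst),
        "other": evaluate(full, "198.51.100.50", dst),
        "other_without_post": evaluate(no_post, "198.51.100.50", dst),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The management host stays reachable because its pre-block permit is matched before the sensor's deny, and unrelated traffic is dropped once the post-block permit is missing.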

Resolution

A sample configuration of a VACL would look like this:

Console> (enable) set security acl ip <postacl> permit arp
Console> (enable) set security acl ip <postacl> permit ip any any

Determine the network's pre-shun and post-shun traffic, and customize it to suit configuration requirements.

Once the VACLs are defined on the switch, you can define the blocking device on the Intrusion Detection System (IDS) and include the names of the post-block and pre-block VACLs.

For more information on configuration with IDS Device Manager, refer to the Configuring Catalyst 6K Blocking Device Interfaces section of IDS Device Manager Configuration Tasks.
