cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
223
Views
0
Helpful
0
Replies
Mitesh Manwatkar
Beginner

6509 VACL Capture Confusion

Hi,

We have 6509-E Core switch & we want to apply VACL Capture feature to monitor traffic coming from few subnets.

But we have alredy configured couple of VACLs to restrict/allow few subnets for some VLANs which I want to monitor too.

If I create new VACL for capturing purpose, then which VACL will be prefered first?

Please suggest the best way for this issue with configuration if possible.

Current VACLs Configuration:

ip access-list standard O11G_Deny_Traffic

permit any

ip access-list standard O11G_Permit_Traffic

permit 172.19.16.0 0.0.0.255

permit 172.30.16.0 0.0.0.255

permit 172.27.16.0 0.0.0.255

permit 172.19.17.0 0.0.0.255

permit 172.30.17.0 0.0.0.255

ip access-list standard Prod_Traffic

permit 172.30.1.0 0.0.0.255

permit 172.27.1.0 0.0.0.255

permit 172.19.1.0 0.0.0.255

ip access-list standard permit_traffic

permit any

vlan access-map PROD_ACL 10

match ip address Prod_Traffic

action drop

vlan access-map PROD_ACL 20

match ip address permit_traffic

action forward

vlan access-map ORACLE_11G 10

match ip address O11G_Permit_Traffic

action forward

vlan access-map ORACLE_11G 20

match ip address O11G_Deny_Traffic

action drop

vlan filter PROD_ACL vlan-list 17-18

Regards,

Mitesh Manwatkar

0 REPLIES 0