Confusion on VLAN Filtering using VLAN Access Map

Hi,

I have the following topology for my LAN at two sites. Both sites are connected over the WAN.

site 1: users ----> 2960-S ----> trunk link ----> 6509-E

site 2: users ----> 2960-S ----> trunk link ----> 6509-E

On my Cisco 2960-S I have defined VLANs 11 to 20, and the corresponding interface VLANs on the Cisco 6509-E.

site 1: (int vlan 16 ------ 172.19.16.0/24) and site 2: (int vlan 16 ------ 172.19.30.0/24)

I want to filter traffic for VLAN 16 in such a way that only users from the 172.19.16.0/24 and 172.30.16.0/24 subnets can access it, and drop all other traffic.

I have defined the VACL as follows at site 1:

ACL:

ip access-list standard O11G_Permit_Traffic
 permit 172.19.16.0 0.0.0.255
 permit 172.30.16.0 0.0.0.255

ip access-list standard O11G_Deny_Traffic
 permit any

Access-Map:

vlan access-map ORACLE_11G 10
 match ip address O11G_Permit_Traffic
 action forward

vlan access-map ORACLE_11G 20
 match ip address O11G_Deny_Traffic
 action drop

VLAN Filter:

vlan filter ORACLE_11G vlan-list 16


Will it work properly if I drop the statement "permit 172.19.16.0 0.0.0.255"?


Kindly help to solve this confusion.


1 Reply

Renan Abreu
Cisco Employee

It looks fine; I just think that on the "20" statement you need no ACL:


vlan access-map ORACLE_11G 20
 action drop
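To make the VACL decision concrete, here is an added Python model (not from the thread and not Cisco code) of how access-map sequences are evaluated against a packet's source address: the map as posted, the same map with the 172.19.16.0 permit removed as the question asks, and the reply's variant with no match clause on sequence 20. The sample source addresses are constructed.

```python
import ipaddress

def parse_std_acl(lines):
    """'permit|deny <addr> <wildcard>' or 'permit any' -> list of (action, network)."""
    entries = []
    for line in lines:
        parts = line.split()
        if parts[1] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif len(parts) == 2:  # host entry without a wildcard
            net = ipaddress.ip_network(parts[1] + "/32")
        else:  # ipaddress reads a wildcard such as 0.0.0.255 as a hostmask
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        entries.append((parts[0], net))
    return entries

def acl_matches(acl, src):
    """Standard ACL: first entry containing src decides; no entry -> implicit deny."""
    for action, net in acl:
        if src in net:
            return action == "permit"
    return False

def vacl_action(access_map, src_ip):
    """Try sequences in order; acl=None (no match clause) matches everything;
    a packet matching no sequence hits the implicit drop at the end of the map."""
    src = ipaddress.ip_address(src_ip)
    for _seq, acl, action in access_map:
        if acl is None or acl_matches(acl, src):
            return action
    return "drop"

# ACLs from the thread, plus the variant with the local permit removed (constructed)
PERMIT_BOTH = parse_std_acl(["permit 172.19.16.0 0.0.0.255", "permit 172.30.16.0 0.0.0.255"])
PERMIT_REMOTE_ONLY = parse_std_acl(["permit 172.30.16.0 0.0.0.255"])
DENY_TRAFFIC = parse_std_acl(["permit any"])
# (sequence, match ACL or None, action): as posted, local permit dropped, reply's version
AS_POSTED = [(10, PERMIT_BOTH, "forward"), (20, DENY_TRAFFIC, "drop")]
LOCAL_REMOVED = [(10, PERMIT_REMOTE_ONLY, "forward"), (20, DENY_TRAFFIC, "drop")]
REPLY_VARIANT = [(10, PERMIT_BOTH, "forward"), (20, None, "drop")]

def compare(sources=("172.19.16.10", "172.30.16.10", "10.1.1.1")):
    """Decision per source address under each map: (as_posted, local_removed, reply)."""
    return {s: (vacl_action(AS_POSTED, s), vacl_action(LOCAL_REMOVED, s),
                vacl_action(REPLY_VARIANT, s)) for s in sources}

if __name__ == "__main__":
    for src, (posted, removed, reply) in compare().items():
        print(f"{src:14} as_posted={posted:8} local_removed={removed:8} reply={reply}")
```

Running it shows the posted map and the reply's variant make identical decisions, while removing the 172.19.16.0 permit causes hosts in VLAN 16's own subnet to fall through to the drop sequence.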