06-26-2018 04:56 AM - edited 03-08-2019 03:28 PM
Hi All,
I am Amit Sharma. I need to configure a VACL on a Cisco Nexus switch C5672UP. Please share a command example for blocking inter-VLAN routing.
Thanks
Amit
06-26-2018 06:58 AM
Hi,
Have a look at this config guide. It includes an example:
HTH
07-03-2018 07:36 PM
You can create or change a VACL. Creating a VACL includes creating an access map that associates an IP ACL or MAC ACL with an action to be applied to the matching traffic.
To create or change a VACL, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: switch(config)# vlan access-map map-name
Purpose: Enters access map configuration mode for the access map specified.

Step 3
Command: switch(config-access-map)# match ip address ip-access-list
Purpose: Specifies an IPv4 and IPv6 ACL for the map.
Command: switch(config-access-map)# match mac address mac-access-list
Purpose: Specifies a MAC ACL for the map.

Step 4
Command: switch(config-access-map)# action { drop | forward }
Purpose: Specifies the action that the switch applies to traffic that matches the ACL.

Step 5
Command: switch(config-access-map)# [ no ] statistics
Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the VACL. The no option stops the switch from maintaining global statistics for the VACL.

Step 6
Command: switch(config-access-map)# show running-config
Purpose: (Optional) Displays ACL configuration.

Step 7
Command: switch(config-access-map)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
07-10-2018 09:34 PM
Hi Saurav,
Thanks for your email.
First we have to create an IP access list, or we can configure a direct IP access-map for blocking inter-VLAN routing between two VLANs.
I have 4 VLANs in our test environment and 1 is the users VLAN. I need to block inter-VLAN communication between:
Mgmt VLAN : 172.20.0.0/16
Server VLAN : 172.21.0.0/16
Database VLAN : 172.22.0.0/16
IT Users VLAN : 172.24.15.0/24
Finance Users VLAN : 172.24.10.0/24
Task to block: inter-VLAN communication between the IT Users VLAN and the Finance Users VLAN and all three VLANs (Server, Mgmt and DB).
2. All three VLANs (Mgmt, Server and DB) communicate with the IT and Finance Users VLANs
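The procedure above, applied to the IT Users and Finance Users subnets from this thread, as an added example that is not part of any post and not taken from the Cisco guide. The VLAN IDs (10 and 15) and the names BLOCK-IT-FINANCE and VACL-USERS are assumptions, and the design relies on traffic that the ACL denies not matching the forward entry and being dropped, which should be confirmed with the statistics counters on a test VLAN first.

```cisco
! Added example. Placeholders (assumptions, not from the thread):
!   VLAN 10 = Finance Users (172.24.10.0/24)
!   VLAN 15 = IT Users      (172.24.15.0/24)
!   BLOCK-IT-FINANCE, VACL-USERS = hypothetical object names
configure terminal
!
! ACL: "deny" lines are the flows to block, the final permit keeps
! every other flow eligible for the forward action below.
ip access-list BLOCK-IT-FINANCE
  10 deny ip 172.24.15.0/24 172.24.10.0/24
  20 deny ip 172.24.10.0/24 172.24.15.0/24
  30 permit ip any any
!
! Access map: forward whatever the ACL permits and keep hit counters.
vlan access-map VACL-USERS
  match ip address BLOCK-IT-FINANCE
  action forward
  statistics
!
! A VACL has no effect until it is attached to VLANs.
vlan filter VACL-USERS vlan-list 10,15
end
!
! Verify the map, its attachment and the ACL counters, then save.
show vlan access-map
show vlan filter
show ip access-lists BLOCK-IT-FINANCE
copy running-config startup-config
```

Because a VACL filters both bridged and routed packets in the VLANs it is attached to, a missing permit line cuts off traffic inside the VLAN as well, so keep console access available while testing.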