04-30-2018 09:23 AM - edited 03-08-2019 02:50 PM
Hi All,
I am currently studying towards my CCNP Switch (300-115) exam, and need a little bit of help with VLAN Access-Lists.
In the below configuration, I am a little confused about what the point of the config starting 'vlan access-map NOT-TO-SERVER 20' is. I get that the first 3 lines essentially prevent a host communicating with the host stated in ACL 100, however I'm a little puzzled by the next bit.
SW1(config)#vlan access-map NOT-TO-SERVER 10
SW1(config-access-map)#match ip address 100
SW1(config-access-map)#action drop
SW1(config-access-map)#vlan access-map NOT-TO-SERVER 20
SW1(config-access-map)#action forward
If you'd like to see the full config/topology, please go to the link below:
https://networklessons.com/cisco/ccie-routing-switching/vlan-access-list-vacl/
Kind regards,
Oli
04-30-2018 09:40 AM
Without the "vlan access-map NOT-TO-SERVER 20" and the subsequent action forward, the route map would not allow any other packets to be forwarded. Consider it to be like an ACL with the implicit deny all at the end. It needs the match to allow all the other packets.
Hope this helps
04-30-2018 09:39 AM
Hi,
SW1(config-access-map)#vlan access-map NOT-TO-SERVER 20
This is the same line but with a different sequence number (20)
and this line
SW1(config-access-map)#action forward
Forward everything else, meaning communication from other hosts (192.168.1.1 and 2) is not blocked (forwarded).
HTH
05-01-2018 03:06 AM
Ah, thank you! I get it now. So basically if that command wasn't there, it would still drop all packets if they did not match Access-list 100.... kind of like a 'deny all' statement at the end of an ACL like you said.
Thanks again,
Oli
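The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of first-match VACL evaluation for IP packets, run with and without sequence 20. The contents of ACL 100 and the server address 192.168.1.100 are assumptions (the thread does not show them), and the sample packets are constructed.

```python
from ipaddress import ip_address

# Constructed stand-in for ACL 100 (its contents are not shown in the thread):
# "permit ip any host SERVER". A permit in the ACL means "this packet matches".
SERVER = ip_address("192.168.1.100")  # constructed address, an assumption

def acl_100(src, dst):
    return ip_address(dst) == SERVER

# Each access-map entry: (sequence, match function or None, action).
# An entry with no match clause (sequence 20) matches every packet.
WITH_SEQ_20 = [(10, acl_100, "drop"), (20, None, "forward")]
WITHOUT_SEQ_20 = [(10, acl_100, "drop")]

def evaluate(access_map, src, dst):
    """Return (action, sequence) for an IP packet; the first matching entry wins."""
    for seq, match, action in sorted(access_map, key=lambda e: e[0]):
        if match is None or match(src, dst):
            return action, seq
    # The map has an IP match clause and no entry matched: implicit drop.
    return "drop", None

PACKETS = [  # constructed sample traffic inside the VLAN
    ("192.168.1.1", "192.168.1.100"),  # host to server
    ("192.168.1.1", "192.168.1.2"),    # host to host
    ("192.168.1.2", "192.168.1.1"),    # host to host
]

def run(access_map):
    return [evaluate(access_map, s, d) for s, d in PACKETS]

if __name__ == "__main__":
    for name, amap in (("with seq 20", WITH_SEQ_20),
                       ("without seq 20", WITHOUT_SEQ_20)):
        print(name)
        for (s, d), (action, seq) in zip(PACKETS, run(amap)):
            print(f"  {s} -> {d}: {action} (entry {seq or 'implicit'})")
```

With sequence 20 removed, the host-to-host packets fall through to the implicit drop, so a VACL meant to block one destination would cut off all IP traffic in the VLAN.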