Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
1
Replies

VLAN ACL High Avalaibility

Hubert Mayr-Kneilling
Level 1
Level 1

‎11-02-2006 05:22 AM - edited ‎03-05-2019 12:35 PM

Hello,

I have the following vlan access-map

vlan access-map MAP_VLAN 10

action forward

match ip address ACL_VLAN

vlan access-map MAP_VLAN 20

action drop

vlan filter MAP_VLAN vlan-list 200

This is implemented on two Catalyst4006. The VLAN 200 is routed and HSRP is configured.

The access-list ACL_VLAN is about 300 lines.

The access-list has to be changed on demand but without interuption of service.

How can this be done?

Up to now I delete the access-list and create it by purging a textfile into the configuration. But this takes about 2-3 minutes which is too long. While deleting and recreating the access-list all traffic is dropped.

Is there a way to implement an access-list faster as by purging it into the command-line interface?

Is it possible to switch to one HSRP-side while implementing the access-list on the other side? (I see hits on the access-list of both Catalyst, but only one of them is HSRP active)

regards

HMK

Labels:
0 Helpful
1 Reply 1

Mikhail.Galiulin
Level 1
Level 1

‎11-02-2006 11:49 PM

Hi,

You can do it with

"standby ... priority ..."

command. If you have preemption configured in your HSRP group ("standby ... preempt") you just need to configure router which you want to make active with higher priority than another one (you can use "show standby" to see the priority).

//Mikhail Galiulin

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card