01-04-2008 09:55 AM - edited 03-05-2019 08:17 PM
Hello!
Plz Experts;convert these entry to a simple Vlan-access-list instead of whole lines
10xs
ip access-list extended ACL-ACL
permit tcp 192.168.128.0 0.0.127.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.64.0 0.0.63.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.32.0 0.0.31.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.16.0 0.0.15.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.12.0 0.0.3.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.11.0 0.0.0.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.8.0 0.0.1.255 10.10.100.0 0.0.0.255 eq 80
permit tcp 192.168.0.0 0.0.7.255 10.10.100.0 0.0.0.255 eq 80
permit ip 192.168.0.0 0.0.255.255 10.10.100.0 0.0.0.255
01-04-2008 11:01 AM
Hi Ali :)
I don't really understand your question and I believe you asked this before, can you explain a little better what you are after ?
01-04-2008 11:14 AM
Hello Edison1
i mean via this config:
ip access-list Standard ACL-1
permit 192.168.0.0 0.0.255.255
vlan-access map Fliter 10 ????????
??????????? and so on.i dont know what next?????????????
and the vlan should be applied on it vlan 199
10xs Edusson
01-04-2008 01:39 PM
Understood, you want to configure a VACL.
From the ACL you have, just do:
vlan-access map ALI
match ip address ACL-ACL
action forward
vlan filter ALI vlan-list 199
For more information see:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/scg/swacl.htm#wp1600210
01-05-2008 07:16 AM
hi Edisson
i guess we need here an Action Drop and do we need to mention the eq 80 with the defined vlan access-list
10xs
01-05-2008 09:21 AM
I don't see any deny statement in your ACL. Whatever is not in the ACL will be dropped.
It's an implicit denied.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide