Quick Vlan Map Question

Apr 6th, 2008

I have a question on how this works.

switch(config)#vlan access-map CISCO

<----- This sets the map name to Cisco

switch(config-access-map)#match ip address dog

<------ This sets the map to match the ACL named dog

switch(config-access-map)#action forward

<------ This forwards whatever is matched in the ACL above

switch(config)#vlan filter CISCO vlan-list 10-20

Now I'm not sure what happens. It applies the filter to Vlans 10-20, and does this mean it will only allow traffic that matches the ACL both in and out of the Vlans, or just in, or just out?

I understand it will drop what it doesn't match but how is it applied?

Can someone post a real world scenario where you would use a vlan map and what it would look like?

Thanks!

sundar.palaniappan Sun, 04/06/2008 - 19:17

"Now I'm not sure what happens. It applies the filter to Vlans 10-20 and does this mean it will only allow traffic that matches the ACL both in and out of the Vlans or just in or just out."

Vlan map has no direction (input or output). In your case whatever traffic matches the ACL named dog in vlans 10-20 would be forwarded. If you want to filter traffic in a specific direction then you need to do that with your access list by specifying the appropriate source and destination address.

Vlan map, as in ACL, has an implicit deny at the end. Any traffic that doesn't match any of the criteria will be dropped and hence, you may have to create a default action to forward all other traffic.

HTH

Sundar

miketta89 Sun, 04/06/2008 - 19:23

So if I have traffic in Vlan 9 that is trying to connect to a host in vlan 10 it will have to match the vlan map in order to be forwarded into vlan 10?

And if I have traffic in vlan 10 that is trying to get to vlan 9 it will be forwarded if it matches?

What about two hosts inside vlan 10 sending traffic to each other?

The documentation just isn't too clear about what it applies to.

sundar.palaniappan Mon, 04/07/2008 - 13:59

The answer to all your questions is YES. For any traffic that's originating from, received in or stays within VLAN 10, if you have a VLAN filter applied and if there's no match then it's automatically dropped by the switch. Hence, as I stated in my previous post, if your goal is to drop only certain traffic then add a statement at the end to forward the rest of the traffic.

HTH

Sundar
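
A configuration of the kind the question asks for, added here as an example and not posted by anyone in the thread: a VLAN map that drops one protocol in VLANs 10-20 and forwards the rest through an explicit final sequence, as the replies recommend. The Telnet scenario and the names BLOCK-TELNET, ALL-IP and FILTER-10-20 are assumptions chosen for illustration.

```cisco
! Added example; the ACL/map names and the Telnet scenario are assumptions.
! In an ACL referenced by a VLAN map, "permit" means "match this traffic";
! the access-map action decides whether the match is dropped or forwarded.
ip access-list extended BLOCK-TELNET
 permit tcp any any eq 23
ip access-list extended ALL-IP
 permit ip any any
!
! Form from the question, shown for comparison only: IP traffic that
! does not match "dog" falls through to the implicit drop.
!  vlan access-map CISCO
!   match ip address dog
!   action forward
!
! Sequence 10: drop Telnet. The map has no direction, so this applies to
! traffic bridged inside a listed VLAN and to traffic routed in or out of it.
vlan access-map FILTER-10-20 10
 match ip address BLOCK-TELNET
 action drop
! Sequence 20: explicit default so all remaining IP traffic is forwarded.
vlan access-map FILTER-10-20 20
 match ip address ALL-IP
 action forward
!
! Attach the map to the VLANs.
vlan filter FILTER-10-20 vlan-list 10-20
!
! Verify from exec mode:
!  show vlan access-map FILTER-10-20
!  show vlan filter
```

To filter in one direction only, narrow the source and destination in BLOCK-TELNET instead of using `any any`.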
