VACLs and VLAN Tag information

Unanswered Question
Nov 4th, 2009

We are attempting to use VACLs to forward traffic for inspection to a NIDS solution. We would like to preserve the VLAN tags, as the NIDS uses this as part of its policy. The question is: does VACL support forwarding VLAN tags as well?

Kind regards

jbrenesj Wed, 11/04/2009 - 12:07

The VACL capture will "preserve" the 802.1q tags. This means that if the source port is a trunk, you configure the capture port like this:

interface gi5/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan x,y,z
 switchport mode trunk
 switchport nonegotiate
 switchport capture
 switchport capture allowed vlan x,y,z

The switchport nonegotiate command is required, as I remember some cases in which this wasn't working unless you added this command.
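The reply above only shows the capture port itself. For completeness, here is the rest of the VACL-capture path as an added example; it is not from either poster and uses standard Catalyst 6500-class IOS syntax. The ACL name, access-map name, VLANs 10 and 20, and the interface are placeholders chosen for the illustration.

```cisco
! Added example (not from the original thread). Placeholder names and VLANs.
!
! 1. Classify which traffic to copy to the sensor (here: everything IP).
ip access-list extended NIDS-CAPTURE
 permit ip any any
!
! 2. VACL: "forward" keeps normal switching, "capture" copies matching
!    frames to every port configured with "switchport capture".
vlan access-map NIDS-CAPTURE-MAP 10
 match ip address NIDS-CAPTURE
 action forward capture
!
! 3. Apply the VACL to the monitored VLANs (placeholders 10 and 20).
vlan filter NIDS-CAPTURE-MAP vlan-list 10,20
!
! 4. Capture port towards the NIDS: a dot1q trunk, so the 802.1q tag
!    of each copied frame reaches the sensor intact.
interface GigabitEthernet5/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
 switchport capture
 switchport capture allowed vlan 10,20
```

After applying it, check that the map and filter took effect with `show vlan access-map` and `show vlan filter`, and confirm on the sensor side that frames actually arrive tagged (a packet capture on the NIDS interface that shows the VLAN header) before relying on VLAN-based policy. Note that `switchport capture` and `action forward capture` are specific to the Catalyst 6500 family; on smaller Catalyst platforms the equivalent way to keep tags on a monitoring feed is a SPAN session with `encapsulation replicate` on the destination port.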

oseloka.obiora Thu, 11/05/2009 - 01:18

Thanks for your quick response! We'll get testing with this and let you know our results


This Discussion