Vlan ACL

Unanswered Question
Mar 15th, 2006

I am trying to configure a VACL on an L3 & L2 switch network where multiple VLANs are running. How can I restrict a single user of any VLAN from receiving the broadcast of the other same VLAN? And a second thing: I implement this access list, if the IP is 10.1.1.12


ip access-list extended NAME

permit ip host 10.1.1.12 10.1.1.0 0.0.0.255


and add this list into a "VLAN access-map"

and use a "vlan filter" command to implement this access list in a specific VLAN.


Is it right?

pkhatri Wed, 03/15/2006 - 03:18

Yes, the procedure is correct.


From your ACL, it appears that there is only one device in that VLAN of yours. Is that correct? The VACL will filter out traffic from any device other than that with IP 10.1.1.12. If that is what you want, then the VACL should work.


Hope that helps - pls rate the post if it does.

Paresh

mansoor_nawaz78 Wed, 03/15/2006 - 03:33

Thanks for the reply,


There is not only my device in the VLANs; if there are 100 devices (clients), will it work correctly?


pkhatri Wed, 03/15/2006 - 03:42

If that is the case, it will not work too well.


Would you be able to explain your complete security requirements, in order for me to understand what you are trying to achieve?


Paresh

mansoor_nawaz78 Wed, 03/15/2006 - 04:12

If we define multiple VLANs in our network, in a single VLAN, traffic is broadcast to all of that VLAN's clients. How can I restrict this broadcast traffic?


pkhatri Wed, 03/15/2006 - 04:18

Hi,


Broadcast is useful for quite a lot of functions - things such as ARP, DHCP etc will break if you somehow filter out all broadcast traffic.


A better solution is to limit the amount of broadcast traffic per port using the 'storm-control broadcast level' command.


Hope that helps - pls rate the post if it does.

Paresh

mansoor_nawaz78 Wed, 03/15/2006 - 05:08

OK,

If I am using L3 switches for inter-VLAN communication, will this storm control be implemented on the L3 or the L2 switches (through which the clients are connected)?


Thanks & Regards

pkhatri Wed, 03/15/2006 - 05:14

You would do that on the L2 switch ports...


Hope that helps - pls rate the post if it does.

Paresh
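
The steps discussed in this thread, put together as an added example that was not posted by either participant. The map name HOST-ONLY, VLAN 10, the interface FastEthernet0/1 and the 20.00 threshold are assumptions chosen for illustration.

```cisco
! Added example: HOST-ONLY, VLAN 10, Fa0/1 and the 20.00 level are assumptions.
!
! 1. The ACL from the question: selects IP traffic from host 10.1.1.12
!    to the 10.1.1.0/24 subnet.
ip access-list extended NAME
 permit ip host 10.1.1.12 10.1.1.0 0.0.0.255
!
! 2. VLAN access-map that forwards whatever the ACL matches.
!    As the first reply notes, with only this clause IP traffic from any
!    other device in the VLAN is filtered out.
vlan access-map HOST-ONLY 10
 match ip address NAME
 action forward
!
! 3. Apply the map to the VLAN (VLAN 10 is an assumed VLAN ID).
vlan filter HOST-ONLY vlan-list 10
!
! 4. The alternative suggested in the thread: rate-limit broadcasts per
!    port on the L2 access switch instead of filtering them, so ARP and
!    DHCP keep working. 20.00 means broadcast above 20% of port
!    bandwidth is suppressed (constructed value).
interface FastEthernet0/1
 storm-control broadcast level 20.00
```

The applied state can be checked with `show vlan access-map`, `show vlan filter` and `show storm-control broadcast`.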
