Cisco Support Community

6509 VACL Capture Confusion

Hi,

We have a 6509-E core switch and we want to apply the VACL Capture feature to monitor traffic coming from a few subnets.

But we have already configured a couple of VACLs to restrict/allow a few subnets for some VLANs which I want to monitor too.

If I create a new VACL for capturing purposes, then which VACL will be preferred first?

Please suggest the best way for this issue with configuration if possible.

Current VACLs Configuration:

ip access-list standard O11G_Deny_Traffic
 permit any
ip access-list standard O11G_Permit_Traffic
 permit 172.19.16.0 0.0.0.255
 permit 172.30.16.0 0.0.0.255
 permit 172.27.16.0 0.0.0.255
 permit 172.19.17.0 0.0.0.255
 permit 172.30.17.0 0.0.0.255
ip access-list standard Prod_Traffic
 permit 172.30.1.0 0.0.0.255
 permit 172.27.1.0 0.0.0.255
 permit 172.19.1.0 0.0.0.255
ip access-list standard permit_traffic
 permit any

vlan access-map PROD_ACL 10
 match ip address Prod_Traffic
 action drop
vlan access-map PROD_ACL 20
 match ip address permit_traffic
 action forward
vlan access-map ORACLE_11G 10
 match ip address O11G_Permit_Traffic
 action forward
vlan access-map ORACLE_11G 20
 match ip address O11G_Deny_Traffic
 action drop

vlan filter PROD_ACL vlan-list 17-18

Regards,

Mitesh Manwatkar
