
VACL help

I am trying to stop users within a certain VLAN (VLAN20) from "chatting" with other users within the same VLAN. The users are in the 10.x.24.x range. This VACL will be applied to a 3750 and 4500. Is the below all I'll need to accomplish this?

ip access-list extended secure-workstation-traffic
 permit ip 10.0.24.1 0.255.0.0 any
 deny ip 10.0.24.0 0.255.7.255 10.0.24.0 0.255.7.255
 permit ip any any

vlan access-map secure-workstation-traffic 10
 action forward
 match ip address secure-workstation-traffic

vlan filter secure-workstation-traffic vlan-list 20

Accepted Solutions

Re: VACL help

I usually like to place explicit drop and forward statements in there just for readability. But yes, that should work just so long as you don't have any port ACLs applied.

Be careful when mixing port-based ACLs and VACLs. The behavior is platform-specific. What works on, say, a 3550 will probably not work on a 3750 or 6500.

Also, on some platforms you really have to hunt through the CLI to find stats on dropped packets, and often it won't tell you rule by rule or even which access map is dropping packets.
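
To see which flows the ACL in the question forwards or drops, the following added example (not code from the thread) evaluates it line by line with Cisco wildcard-mask matching. It assumes the usual VLAN-map behaviour that an IP packet matching no map entry is dropped, takes x in 10.x.24.x as 5 for the constructed sample flows, and does not model port ACLs.

```python
import ipaddress

# ACL lines copied from the question: (action, src, src_wildcard, dst, dst_wildcard)
ACL = [
    ("permit", "10.0.24.1", "0.255.0.0", "any", None),
    ("deny", "10.0.24.0", "0.255.7.255", "10.0.24.0", "0.255.7.255"),
    ("permit", "any", None, "any", None),
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    if base == "any":
        return True
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def acl_result(src, dst):
    """First matching ACL line wins; an extended ACL ends with an implicit deny."""
    for action, s, sw, d, dw in ACL:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def vacl_action(src, dst):
    """Model of the single-sequence map in the question (assumed semantics):
    ACL permit = match, so 'action forward' applies; ACL deny = no match,
    and an IP packet that matches no map entry is dropped."""
    return "forward" if acl_result(src, dst) == "permit" else "drop"

# Constructed sample flows (x = 5); 192.0.2.10 is a documentation address.
FLOWS = [
    ("10.5.24.10", "10.5.25.20"),   # workstation to workstation, same range
    ("10.5.31.200", "10.5.24.10"),  # top of the 24-31 third-octet range
    ("10.5.24.10", "192.0.2.10"),   # workstation to a routed destination
    ("10.5.24.1", "10.5.24.10"),    # gateway address to workstation
    ("10.5.24.10", "10.5.24.1"),    # workstation to the gateway's own address
    ("10.5.32.10", "10.5.24.10"),   # source just outside the range
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>12} -> {dst:<12} {vacl_action(src, dst)}")
```

Under this model, packets a workstation addresses to 10.x.24.1 itself hit the deny line and are dropped, while traffic routed through the gateway to other networks is forwarded.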
