New Member

VACLs and VLAN Tag information

We are attempting to use VACLs to forward traffic for inspection to a NIDS solution. We would like to preserve the VLAN tags, as the NIDS uses these as part of its policy. The question is: does VACL support forwarding VLAN tags as well?

Kind regards

2 REPLIES
Silver

Re: VACLs and VLAN Tag information

The VACL capture will "preserve" the 802.1Q tags; this means if the source port is a trunk, and if you configure the capture port like this:

Int gi5/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan x,y,z
 switchport mode trunk
 switchport nonegotiate
 switchport capture
 switchport capture allowed vlan x,y,z

The switchport nonegotiate command is required, as I remember some cases in which this wasn't working unless you added this command.

New Member

Re: VACLs and VLAN Tag information

Thanks for your quick response! We'll get testing with this and let you know our results.
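One way to check on the NIDS side that the capture port really delivers tagged frames, as an added example that is not part of the original thread: it parses raw Ethernet frames for the 802.1Q tag and reports which expected VLANs arrived tagged, untagged, or not at all. The VLAN IDs 10, 20 and 30, the helper names and the sample frames are constructed for illustration; in practice the frames would come from a capture taken on the sensor interface.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of a raw Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID


def audit_capture(frames, expected_vlans):
    """Tally frames per VLAN and flag what a tag-based NIDS policy would miss."""
    seen = Counter()
    untagged = 0
    for f in frames:
        vid = vlan_id(f)
        if vid is None:
            untagged += 1
        else:
            seen[vid] += 1
    return {
        "per_vlan": dict(seen),
        "untagged": untagged,
        "missing": sorted(set(expected_vlans) - set(seen)),
        "unexpected": sorted(set(seen) - set(expected_vlans)),
    }


def make_frame(vlan=None, pcp=0):
    """Build a constructed test frame: dummy MACs, optional tag, IPv4 ethertype."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vlan)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


# Constructed sample: VLANs 10 and 20 tagged, one untagged frame, VLAN 30 never seen.
SAMPLE = [make_frame(10), make_frame(10, pcp=5), make_frame(20), make_frame()]

if __name__ == "__main__":
    print(audit_capture(SAMPLE, expected_vlans=[10, 20, 30]))
```

A non-zero untagged count or a non-empty missing list means the sensor is not seeing the tags its policy depends on, which points back at the trunk and capture settings on the capture port.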
