Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
2
Replies

VACLs and VLAN Tag information

oseloka.obiora
Level 1
Level 1

‎11-04-2009 02:41 AM - edited ‎03-06-2019 08:26 AM

We are attempting to use VACLs to forward traffic for inspection to a NIDS solution. We would like to preserve the VLAN tags as the NIDS uses this as part of its policy. The question is does VACL support forwarding VLAN tags as well?

Kind regards

Labels:
0 Helpful
2 Replies 2

jbrenesj
Level 3
Level 3

‎11-04-2009 12:07 PM

The VACL capture will "preserve" the 802.1q tags, this means if the source port is a trunk, if you configure the capture port like this:

Int gi5/1

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan x,y,z

switchport mode trunk

switchport nonegotiate

switchport capture

switchport capture allowed vlan x,y,z

The switchport nonegotiate command is required as I remember some cases in which this wasn't working unless you add this command

0 Helpful

oseloka.obiora
Level 1
Level 1
In response to jbrenesj

‎11-05-2009 01:18 AM

Thanks for your quick response! We'll get testing with this and let you know our results

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card