Cisco Support Community

VLAN ACL High Availability

Hello,

I have the following vlan access-map

vlan access-map MAP_VLAN 10
 action forward
 match ip address ACL_VLAN
vlan access-map MAP_VLAN 20
 action drop
vlan filter MAP_VLAN vlan-list 200

This is implemented on two Catalyst 4006 switches. VLAN 200 is routed and HSRP is configured.

The access-list ACL_VLAN is about 300 lines.

The access-list has to be changed on demand but without interruption of service.

How can this be done?

Up to now, I delete the access-list and create it by purging a text file into the configuration. But this takes about 2-3 minutes, which is too long. While deleting and recreating the access-list, all traffic is dropped.

Is there a way to implement an access-list faster than by purging it into the command-line interface?

Is it possible to switch to one HSRP side while implementing the access-list on the other side? (I see hits on the access-list of both Catalysts, but only one of them is HSRP active.)

regards

HMK


Re: VLAN ACL High Availability

Hi,

You can do it with the "standby ... priority ..." command. If you have preemption configured in your HSRP group ("standby ... preempt"), you just need to configure the router that you want to make active with a higher priority than the other one (you can use "show standby" to see the priority).

//Mikhail Galiulin
