Vlan ACL

mansoor_nawaz78
Level 1

I am trying to configure a VACL on an L3 & L2 switch network where multiple VLANs are running. How can I restrict a single user of any VLAN not to receive the broadcast of the other same VLAN? And second thing: I implement this access list, if the IP is 10.1.1.12

ip access-list extended NAME

permit ip host 10.1.1.12 10.1.1.0 0.0.0.255

and add this list into "VLAN access-map"

and use a "Vlan filter command" to implement this access list into a specific VLAN.

Is it right?

7 Replies

pkhatri
Level 11

Yes, the procedure is correct.

From your ACL, it appears that there is only one device in that VLAN of yours. Is that correct? The VACL will filter out traffic from any device other than that with IP 10.1.1.12. If that is what you want, then the VACL should work.

Hope that helps - pls rate the post if it does.

Paresh

Thanks for the reply,

There is not only my device in the VLANs; if there are 100 devices (clients), will it work correctly?

If that is the case, it will not work too well.

Would you be able to explain your complete security requirements, in order for me to understand what you are trying to achieve ?

Paresh

If we define multiple VLANs in our network, then in a single VLAN, traffic is broadcast to all of that VLAN's clients. How can I restrict this broadcast traffic?

Hi,

Broadcast is useful for quite a lot of functions - things such as ARP, DHCP etc will break if you somehow filter out all broadcast traffic.

A better solution is to limit the amount of broadcast traffic per port using the 'storm-control broadcast level' command.

Hope that helps - pls rate the post if it does.

Paresh

OK,

If I am using L3 switches for inter-VLAN communication, will this storm control be implemented on the L3 or the L2 switches (through which the clients are connected)?

Thanks & Regards

You would do that on the L2 switch ports...

Hope that helps - pls rate the post if it does.

Paresh
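
The two configurations discussed in this thread, written out as an added example that is not from any of the posters: the VACL procedure from the question with a catch-all sequence, and per-port broadcast storm control on the L2 access switch. The names HOST12 and VLAN10-MAP, VLAN 10, interface GigabitEthernet0/1, the `action forward` choice and the 5.00 percent threshold are all assumed values.

```cisco
! Added example. Names, VLAN 10, Gi0/1, the action and the 5.00 level are assumptions.
!
! ACL from the question: IP traffic from host 10.1.1.12 to 10.1.1.0/24.
ip access-list extended HOST12
 permit ip host 10.1.1.12 10.1.1.0 0.0.0.255
!
! Sequence 10 applies an action to whatever the ACL permits.
vlan access-map VLAN10-MAP 10
 match ip address HOST12
 action forward
!
! Sequence 20 has no match clause, so it matches all remaining traffic.
! If the map ends at sequence 10, IP traffic from every other host in the
! VLAN fails the only IP match clause and is dropped, which is the behaviour
! described in the first reply.
vlan access-map VLAN10-MAP 20
 action forward
!
! Bind the map to the VLAN. A VACL filters bridged traffic inside the VLAN
! as well as routed traffic entering or leaving it.
vlan filter VLAN10-MAP vlan-list 10
!
! Storm control goes on the L2 access ports facing the clients.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Suppress broadcast frames above 5.00 percent of port bandwidth.
 storm-control broadcast level 5.00
 ! Send an SNMP trap when the threshold is crossed.
 storm-control action trap
!
! Verification commands (exec mode):
!  show vlan access-map VLAN10-MAP
!  show vlan filter
!  show storm-control GigabitEthernet0/1 broadcast
```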