
Denying Access To A Server On Another Vlan - Cisco WS-C3550-12G Software Configuration Manual

Multilayer switch

Chapter 19
Configuring Network Security with ACLs
Then, apply VLAN access map map2 to VLAN 1.
Switch(config)# vlan filter map2 vlan 1

Denying Access to a Server on Another VLAN

You can restrict access to a server on another VLAN. For example, server 10.1.1.100 in VLAN 10 needs to have access restricted as follows (see Figure 19-5):

Hosts in subnet 10.1.2.0/8 in VLAN 20 should not have access.
Hosts 10.1.1.4 and 10.1.1.8 in VLAN 10 should not have access.

Figure 19-5 Deny Access to a Server on Another VLAN
[Diagram: a Catalyst 3550 switch with enhanced multilayer software image applies a VLAN map to packets sent to the server 10.1.1.100 (VLAN 10) from hosts 10.1.1.4 and 10.1.1.8 (VLAN 10) and from a host in subnet 10.1.2.0/8 (VLAN 20).]

This example shows how to deny access to a server on another VLAN by creating the VLAN map SERVER1 that denies access to hosts in subnet 10.1.2.0/8, host 10.1.1.4, and host 10.1.1.8 and permits other IP traffic. The final step is to apply the map SERVER1 to VLAN 10.

Step 1
Define the IP ACL that will match the correct packets.
Switch(config)# ip access-list extended SERVER1_ACL
Switch(config-ext-nacl)# permit ip 10.1.2.0 0.0.0.255 host 10.1.1.100
Switch(config-ext-nacl)# permit ip host 10.1.1.4 host 10.1.1.100
Switch(config-ext-nacl)# permit ip host 10.1.1.8 host 10.1.1.100
Switch(config-ext-nacl)# exit

Step 2
Define a VLAN map using this ACL that will drop IP packets that match SERVER1_ACL and forward IP packets that do not match the ACL.
Switch(config)# vlan access-map SERVER1_MAP
Switch(config-access-map)# match ip address SERVER1_ACL
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# vlan access-map SERVER1_MAP 20
Switch(config-access-map)# action forward
Switch(config-access-map)# exit

Step 3
Apply the VLAN map to VLAN 10.
Switch(config)# vlan filter SERVER1_MAP vlan-list 10

Configuring VLAN Maps, Catalyst 3550 Multilayer Switch Software Configuration Guide, 78-11194-03
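Added example, not part of the Cisco manual: a small Python model of how SERVER1_MAP from Steps 1 to 3 decides drop or forward, useful for checking the intended policy before applying it to VLAN 10. The function names and sample packets are constructed, sequence number 10 for the first map entry is assumed, and the VLAN 20 subnet follows the ACL's wildcard mask 0.0.0.255.

```python
import ipaddress

HOST = "0.0.0.0"  # wildcard equivalent of the IOS "host" keyword

# SERVER1_ACL as entered in Step 1: (action, src, src wildcard, dst, dst wildcard)
SERVER1_ACL = [
    ("permit", "10.1.2.0", "0.0.0.255", "10.1.1.100", HOST),
    ("permit", "10.1.1.4", HOST, "10.1.1.100", HOST),
    ("permit", "10.1.1.8", HOST, "10.1.1.100", HOST),
]

# SERVER1_MAP from Step 2: (sequence, ACL or None when the entry has no match
# clause, action). The first entry has no number on the page; 10 is assumed.
SERVER1_MAP = [(10, SERVER1_ACL, "drop"), (20, None, "forward")]

def wc_match(addr, base, wildcard):
    """IOS wildcard comparison: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_matches(acl, src, dst):
    """In a VLAN map, an ACL 'permit' means the packet matches the entry."""
    for action, s, sw, d, dw in acl:           # first matching ACE wins
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action == "permit"
    return False                                # implicit deny: not a match

def vlan_map_action(vmap, src, dst):
    """Return 'drop' or 'forward' for an IP packet entering the filtered VLAN."""
    for _seq, acl, action in sorted(vmap, key=lambda e: e[0]):
        if acl is None or acl_matches(acl, src, dst):
            return action
    # The map has an IP match clause and no entry matched: the switch drops.
    return "drop"

# Constructed sample packets: (source, destination)
SAMPLE = [
    ("10.1.2.37", "10.1.1.100"),  # VLAN 20 subnet to the server
    ("10.1.1.4", "10.1.1.100"),   # restricted VLAN 10 host
    ("10.1.1.9", "10.1.1.100"),   # unrestricted VLAN 10 host
    ("10.1.3.5", "10.1.1.100"),   # outside the 0.0.0.255 wildcard
    ("10.1.2.37", "10.1.1.50"),   # restricted source, different destination
]

if __name__ == "__main__":
    for src, dst in SAMPLE:
        print(f"{src} -> {dst}: {vlan_map_action(SERVER1_MAP, src, dst)}")
```

Evaluating the map without entry 20 shows why the forward entry matters: every IP packet that does not match SERVER1_ACL is then dropped as well.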
