How VLAN Access Lists Work And Configuration Of VACL


We have covered many security techniques before; as you know, methods such as access lists, private VLANs (PVLANs) and others are among them. VLAN Access Lists (VACLs) filter the traffic within VLANs. VACLs follow almost the same logic as route-maps (I will write a longer article about route-maps later). If you want to use VLAN access lists, make sure you are using a multilayer switch such as a Cisco 3750.


Let's assume that clients on VLAN 10 are limited to / 24 and clients on VLAN 30 are limited to / 24. Here is a step-by-step VLAN Access List configuration example:

First, we create the VLANs:

SWITCH_A(conf)#VLAN 10
SWITCH_A(conf)#VLAN 30

Second, we create the ACLs:

SWITCH_A(conf)#access-list 1 permit
SWITCH_A(conf)#access-list 2 permit

Then we create the VLAN access-map, match the IP addresses permitted by the ACL and forward them, and drop the rest of the traffic:

SWITCH_A(conf)#vlan access-map DEMO 10
SWITCH_A(config-access-map)#match ip address 1
SWITCH_A(config-access-map)#action forward
SWITCH_A(conf)#vlan access-map DEMO 20
SWITCH_A(config-access-map)#action drop
SWITCH_A(conf)#vlan filter DEMO vlan-list 10
SWITCH_A(conf)#vlan access-map DEMO2 10
SWITCH_A(config-access-map)#match ip address 2
SWITCH_A(config-access-map)#action forward
SWITCH_A(conf)#vlan filter DEMO2 vlan-list 30
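To check what these two access-maps actually do to traffic, here is an added Python model of VLAN access-map evaluation (my own example, not part of the original post or Cisco's code). The post leaves the real subnets blank, so the model assumes the constructed placeholder networks 192.0.2.0/24 for VLAN 10 and 198.51.100.0/24 for VLAN 30; it also shows that DEMO2, which has no explicit drop clause, still drops unmatched traffic because a VLAN map ends in an implicit deny.

```python
# Added example: minimal model of Cisco standard ACL + VLAN access-map logic.
# Networks below are constructed placeholders (RFC 5737 documentation ranges);
# the original post does not state the real subnets.
from ipaddress import ip_address, ip_network

# Standard numbered ACLs: number -> ordered (action, network) entries.
# A standard ACL matches on source address only and ends in an implicit deny.
ACLS = {
    1: [("permit", ip_network("192.0.2.0/24"))],     # assumed VLAN 10 subnet
    2: [("permit", ip_network("198.51.100.0/24"))],  # assumed VLAN 30 subnet
}

# VLAN access-maps: ordered clauses of (acl number or None, action), as in
# the post. A clause with no match statement matches every packet.
ACCESS_MAPS = {
    "DEMO": [(1, "forward"), (None, "drop")],   # explicit catch-all drop
    "DEMO2": [(2, "forward")],                  # no drop clause written
}

# vlan filter <map> vlan-list <vlan>
VLAN_FILTER = {10: "DEMO", 30: "DEMO2"}


def acl_permits(acl_number, src):
    """Walk a standard ACL top-down; unmatched sources hit the implicit deny."""
    for action, net in ACLS[acl_number]:
        if ip_address(src) in net:
            return action == "permit"
    return False


def vacl_action(vlan, src):
    """Return 'forward' or 'drop' for a packet with source src seen on vlan.

    A VACL applies to all traffic in the VLAN, bridged traffic included.
    A packet matching no clause of the map is dropped (implicit deny at the
    end of the map); a VLAN with no vlan filter applied is not filtered.
    """
    map_name = VLAN_FILTER.get(vlan)
    if map_name is None:
        return "forward"
    for acl_number, action in ACCESS_MAPS[map_name]:
        if acl_number is None or acl_permits(acl_number, src):
            return action
    return "drop"  # implicit deny: no clause matched


if __name__ == "__main__":
    # Constructed sample packets: (vlan, source address)
    for vlan, src in [(10, "192.0.2.10"), (10, "198.51.100.10"),
                      (30, "198.51.100.10"), (30, "192.0.2.10"), (20, "203.0.113.5")]:
        print(f"VLAN {vlan:<3} src {src:<15} -> {vacl_action(vlan, src)}")
```

Note that the VLAN 30 packet from an unexpected source is dropped even though DEMO2 never says "action drop", so a missing drop clause is not a hole; a missing match clause, on the other hand, matches everything.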
