We have talked about many security techniques before; methods like access lists and PVLANs are some of them. VLAN Access Lists (VACLs) filter traffic within a VLAN, including traffic that never leaves the VLAN and so never crosses a router ACL. VACLs follow almost the same logic as route maps (I will write a long article about route maps later). If you want to use VLAN access lists, make sure you are using a multilayer switch such as the Cisco 3750.
Let's assume that clients on VLAN 10 are limited to 10.1.10.0/24 and clients on VLAN 30 are limited to 10.1.30.0/24. Here is a step-by-step configuration example of a VLAN access list:
First, we create the VLANs:
SWITCH_A(config)#vlan 10
SWITCH_A(config)#vlan 30
Second, we create the standard ACLs that identify each VLAN's allowed source addresses:
SWITCH_A(config)#access-list 1 permit 10.1.10.0 0.0.0.255
SWITCH_A(config)#access-list 2 permit 10.1.30.0 0.0.0.255
Then we create the VLAN access map: sequence 10 matches the source addresses permitted by the ACL and forwards them, sequence 20 drops the rest of the traffic, and the vlan filter command applies the map to the VLAN:
SWITCH_A(config)#vlan access-map DEMO 10
SWITCH_A(config-access-map)#match ip address 1
SWITCH_A(config-access-map)#action forward
SWITCH_A(config)#vlan access-map DEMO 20
SWITCH_A(config-access-map)#action drop
SWITCH_A(config)#vlan filter DEMO vlan-list 10
SWITCH_A(config)#vlan access-map DEMO2 10
SWITCH_A(config-access-map)#match ip address 2
SWITCH_A(config-access-map)#action forward
SWITCH_A(config)#vlan filter DEMO2 vlan-list 30
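To check what this configuration does before applying it to a switch, the following added example (not from the original post, and not a Cisco tool) models the VACL evaluation order: clauses are tried by sequence number, a clause with no match statement matches everything, and a packet that matches no clause is dropped by the implicit drop at the end of the map. DEMO2 has no explicit drop clause and relies on that implicit drop, which the model makes visible. The ACL and map tables below are transcribed from the configuration above; the test addresses are constructed.

```python
import ipaddress

# Standard ACLs from the page: number -> ordered (action, network, wildcard) entries
ACLS = {
    1: [("permit", "10.1.10.0", "0.0.0.255")],
    2: [("permit", "10.1.30.0", "0.0.0.255")],
}

# vlan access-map clauses: name -> ordered (sequence, acl number or None, action)
ACCESS_MAPS = {
    "DEMO": [(10, 1, "forward"), (20, None, "drop")],
    "DEMO2": [(10, 2, "forward")],          # no explicit drop clause
}

# vlan filter <map> vlan-list <vlan>
VLAN_FILTERS = {10: "DEMO", 30: "DEMO2"}


def wildcard_match(ip, network, wildcard):
    """Cisco wildcard-mask semantics: a 1 bit in the mask means 'don't care'."""
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (ip_i & care) == (net_i & care)


def acl_permits(acl_number, src_ip):
    """Evaluate a standard ACL top-down; an ACL ends with an implicit deny."""
    for action, network, wildcard in ACLS[acl_number]:
        if wildcard_match(src_ip, network, wildcard):
            return action == "permit"
    return False


def vacl_decision(vlan, src_ip):
    """Return 'forward' or 'drop' for a packet with source src_ip seen on the VLAN."""
    map_name = VLAN_FILTERS.get(vlan)
    if map_name is None:
        return "forward"   # no vlan filter on this VLAN: the VACL does not apply
    for _seq, acl, action in ACCESS_MAPS[map_name]:
        # a denied ACL entry is simply 'no match' for this clause, so move on
        if acl is None or acl_permits(acl, src_ip):
            return action
    return "drop"          # implicit drop when no clause of the map matches


if __name__ == "__main__":
    for vlan, ip in [(10, "10.1.10.5"), (10, "10.1.30.5"), (30, "10.1.30.7"), (30, "10.1.10.7")]:
        print(f"VLAN {vlan} src {ip}: {vacl_decision(vlan, ip)}")
```

Running it shows that a 10.1.10.x source on VLAN 30 is dropped even though DEMO2 never says drop, while a VLAN with no vlan filter is left untouched.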