Vlan Access-List

 

 

  • Create access-lists with rules

(config)#access-list 131 permit udp any any eq bootps
(config)#access-list 131 permit udp any any eq bootpc

Match DHCP traffic (bootps and bootpc) so it can be forwarded

(config)#access-list 133 permit ip 10.x.x.0 0.0.0.255 10.0.0.0 0.255.255.255


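Match traffic from the guest subnet to the corporate network (10.0.0.0/8). The permit here only selects the traffic; the access-map below drops it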


(config)#access-list 134 permit ip any any


Match all other traffic so it can be forwarded

 

  • Create vlan access-map


(config)#vlan access-map Guest 1

(config-access-map)#match ip address 131
(config-access-map)#action forward
(config-access-map)#exit


If you omit the sequence number, one is assigned automatically


(config)#vlan access-map Guest 2
(config-access-map)#match ip address 133
(config-access-map)#action drop
(config-access-map)#exit


Deny traffic to corporate network


(config)#vlan access-map Guest 3
(config-access-map)#match ip address 134
(config-access-map)#action forward
(config-access-map)#exit


Allow any other traffic

 

  • Assign access-map to vlan

(config)#vlan filter Guest vlan-list x

x - the VLAN where we want to limit traffic

Do some tests in reality!
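
An offline dry run of the Guest access-map above, added here as an example (not part of the original note): it models first-match evaluation by sequence number and the ACL wildcard masks. The guest subnet 10.20.30.0, the sample packets and the function names are constructed for illustration, and the final drop for unmatched IP packets is the assumed platform default.

```python
import ipaddress

GUEST_NET = "10.20.30.0"  # constructed stand-in for the page's 10.x.x.0

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

# In a VACL, an ACL "permit" only means "this packet matches the clause".
ACLS = {
    131: lambda p: p["proto"] == "udp" and p["dport"] in (67, 68),  # bootps, bootpc
    133: lambda p: wc_match(p["src"], GUEST_NET, "0.0.0.255")
    and wc_match(p["dst"], "10.0.0.0", "0.255.255.255"),
    134: lambda p: True,  # permit ip any any
}
# (sequence, ACL, action) as in "vlan access-map Guest 1/2/3"
GUEST_MAP = [(1, 131, "forward"), (2, 133, "drop"), (3, 134, "forward")]

def vacl_action(pkt, access_map=GUEST_MAP):
    """Return (sequence, action) of the first entry whose ACL matches."""
    for seq, acl, action in sorted(access_map):
        if ACLS[acl](pkt):
            return seq, action
    return None, "drop"  # assumed default: IP packet matching no entry is dropped

def pkt(proto, src, dst, dport):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

# Constructed sample packets seen on the guest VLAN.
SAMPLES = {
    "DHCP discover (broadcast)": pkt("udp", "0.0.0.0", "255.255.255.255", 67),
    "DHCP renew to corporate server": pkt("udp", "10.20.30.5", "10.1.1.10", 67),
    "SMB to corporate host": pkt("tcp", "10.20.30.5", "10.1.1.10", 445),
    "DNS to corporate resolver": pkt("udp", "10.20.30.5", "10.1.1.53", 53),
    "guest to guest (same VLAN)": pkt("tcp", "10.20.30.5", "10.20.30.6", 80),
    "HTTPS to the Internet": pkt("tcp", "10.20.30.5", "198.51.100.7", 443),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:32} -> {vacl_action(p)}")
```

The guest-to-guest and DNS rows show that ACL 133 covers every 10.0.0.0/8 destination, including the guest subnet itself and any resolver or gateway address inside 10.x. The DHCP renew row is forwarded only because sequence 1 is evaluated before sequence 2.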

dzbanek 2011-11-14

 

 

 
