Vlan Access-List



  • Create access-lists with rules

(config)#access-list 131 permit udp any any eq bootps
(config)#access-list 131 permit udp any any eq bootpc

Allow DHCP traffic

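(config)#access-list 133 permit ip any 10.x.x.0 <wildcard-mask>

Match traffic to the corporate network. The ACL says permit because in a VLAN access-map the ACL only selects traffic; the drop is applied by the access-map action below. <wildcard-mask> is a placeholder for the corporate network's wildcard mask.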

(config)#access-list 134 permit ip any any

Allow all other traffic


  • Create vlan access-map

(config)#vlan access-map Guest 1

(config-access-map)#match ip address 131
(config-access-map)#action forward

If you do not specify a sequence number, one is assigned automatically.

(config)#vlan access-map Guest 2
(config-access-map)#match ip address 133
(config-access-map)#action drop

Deny traffic to corporate network

(config)#vlan access-map Guest 3
(config-access-map)#match ip address 134
(config-access-map)#action forward

Allow any other traffic


  • Assign access-map to vlan

(config)#vlan filter Guest vlan-list x

x - the VLAN where we want to limit traffic

DO some tests in reality!!!
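The first-match logic of the Guest access-map can be checked offline before testing on the switch. This Python model is an added example, not part of the original note; the corporate network 10.0.0.0/24 and the sample packets are constructed stand-ins for the elided 10.x.x.0, and the final drop reflects the default VLAN-map behaviour for IP packets that match no entry.

```python
import ipaddress

# Constructed stand-in for the page's elided 10.x.x.0 corporate network.
CORP_NET = ipaddress.ip_network("10.0.0.0/24")

# In a VACL, an ACL "permit" only means "this packet matches the entry".
ACLS = {
    131: lambda p: p["proto"] == "udp" and p["dport"] in (67, 68),  # bootps / bootpc
    133: lambda p: ipaddress.ip_address(p["dst"]) in CORP_NET,      # to corporate network
    134: lambda p: True,                                            # ip any any
}

# vlan access-map Guest as configured on the page: (sequence, ACL, action).
GUEST_MAP = [(1, 131, "forward"), (2, 133, "drop"), (3, 134, "forward")]


def evaluate(access_map, packet):
    """Return (sequence, action) of the first matching entry, lowest sequence first."""
    for seq, acl, action in sorted(access_map):
        if ACLS[acl](packet):
            return seq, action
    # No entry matched: IP packets are dropped once the map has an IP match clause.
    return None, "drop"


# Constructed test packets sent by a host in the guest VLAN.
PACKETS = {
    "dhcp_discover": {"proto": "udp", "dst": "255.255.255.255", "dport": 67},
    "to_corporate": {"proto": "tcp", "dst": "10.0.0.25", "dport": 445},
    "udp67_to_corporate": {"proto": "udp", "dst": "10.0.0.1", "dport": 67},
    "to_internet": {"proto": "tcp", "dst": "198.51.100.7", "dport": 443},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:20} -> {evaluate(GUEST_MAP, pkt)}")
    # Misordered map: with the catch-all first, the drop entry is never reached.
    misordered = [(1, 134, "forward"), (2, 133, "drop")]
    print("misordered map      ->", evaluate(misordered, PACKETS["to_corporate"]))
```

Because sequence 1 is evaluated first, UDP traffic to ports 67/68 is forwarded even when its destination is inside the corporate network; tighten access-list 131 if that is not wanted.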

dzbanek 2011-11-14



