Using Vlan Maps In Your Network; Wiring Closet Configuration - Cisco 3020 - Catalyst Blade Switch Configuration Manual

Configuring VLAN Maps

Using VLAN Maps in Your Network

These sections describes some typical uses for VLAN maps:
•
•

Wiring Closet Configuration

In a wiring closet configuration, the switch can support a VLAN map and a QoS classification ACL. In
Figure
switches A and C. Traffic from Host X to Host Y is eventually being routed by Switch B, a Layer 3 switch
with routing enabled. Traffic from Host X to Host Y can be access-controlled at the traffic entry point,
Switch A.
Figure 26-3
VLAN map: Deny HTTP
If you do not want HTTP traffic switched from Host X to Host Y, you can configure a VLAN map on
Switch A to drop all HTTP traffic from Host X (IP address 10.1.1.32) to Host Y (IP address 10.1.1.34)
at Switch A and not bridge it to Switch B.
First, define the IP access list http that permits (matches) any TCP traffic on the HTTP port.
Switch(config)# ip access-list extended http
Switch(config-ext-nacl)# permit tcp host 10.1.1.32 host 10.1.1.34 eq www
Switch(config-ext-nacl)# exit
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
26-28
Wiring Closet Configuration, page 26-28
Denying Access to a Server on a VLAN, page 26-29
26-3, assume that Host X and Host Y are in different VLANs and are connected to wiring closet
Wiring Closet Configuration
Switch A
from X to Y.
HTTP is dropped
at entry point.
VLAN 1
VLAN 2
Packet
Switch B
Host X Host Y
10.1.1.32 10.1.1.34
Chapter 26 Configuring Network Security with ACLs
Switch C
OL-8915-01