Configuring Vlan Maps - Cisco Catalyst 3750 Software Configuration Manual
Metro switch
Hide thumbs
Also See for Catalyst 3750:
- Command reference manual (1154 pages) ,
- Hardware installation manual (231 pages) ,
- Message manual (120 pages)
Table of Contents
Advertisement
Chapter 25
Configuring Network Security with ACLs
To remove the specified access group, use the no mac access-group {name} interface configuration
command.
This example shows how to apply MAC access list mac1 on an interface to filter packets entering the
interface:
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# mac access-group mac1 in
The mac access-group interface configuration command is only valid when applied to a physical
Note
Layer 2 interface.You cannot use the command on EtherChannel port channels.
After receiving a packet, the switch checks it against the inbound ACL. If the ACL permits it, the switch
continues to process the packet. If the ACL rejects the packet, the switch discards it. When you apply an
undefined ACL to an interface, the switch acts as if the ACL has not been applied and permits all packets.
Remember this behavior if you use undefined ACLs for network security.
Configuring VLAN Maps
This section describes how to configure VLAN maps, which is the only way to control filtering within
a VLAN. VLAN maps have no direction. To filter traffic in a specific direction by using a VLAN map,
you need to include an ACL with specific source or destination addresses. If there is a match clause for
that type of packet (IP or MAC) in the VLAN map, the default action is to drop the packet if the packet
does not match any of the entries within the map. If there is no match clause for that type of packet, the
default is to forward the packet.
Note
For complete syntax and usage information for the commands used in this section, refer to the command
reference for this release.
To create a VLAN map and apply it to one or more VLANs, perform these steps:
Create the standard or extended IP ACLs or named MAC extended ACLs that you want to apply to the
Step 1
VLAN. See the
VLAN Map" section on page
Enter the vlan access-map global configuration command to create a VLAN ACL map entry.
Step 2
In access map configuration mode, optionally enter an action—forward (the default) or drop—and
Step 3
enter the match command to specify an IPv4 packet or a non-IPv4 packet (with only a known MAC
address) and to match the packet against one or more ACLs (standard or extended).
Note
Step 4
Use the vlan filter global configuration command to apply a VLAN map to one or more VLANs.
78-15870-01
"Creating Standard and Extended IP ACLs" section on page 25-6
25-28.
If the VLAN map has a match clause for the type of packet (IP or MAC) and the packet does not
match the type, the default is to drop the packet. If there is no match clause in the VLAN map
for that type of packet, and no action specified, the packet is forwarded.
Catalyst 3750 Metro Switch Software Configuration Guide
Configuring VLAN Maps
and the
"Creating a
25-27
Advertisement
Table of Contents
Troubleshooting
