Allied Telesis C613-16164-00 REV E Network Card User Manual


 
CONFIGURE HARDWARE ACLS
Configuring a complex inter-VRF solution
Page 50 | Configure VRF-lite
Configure the VLANs
VLANs are created in the VLAN database, and ports are assigned to relevant VLANs.
The access lists are assigned in order to the individual switch ports as access groups. The order in which the access groups are attached to a port is important - packets are matched against the ACLs in the order they are attached to the interface.
In this example, three access groups are attached to port 1.0.1.
The first access group allow_to_self_10 permits traffic that has destination IP (192.168.10.0/24) within the same IP subnet that the switch port is a member of.
The second access group access43 permits traffic that has destination IP (192.168.43.0/24) within the external shared router subnet. This allows VRF red to access the subnet 192.168.43.0/24 via the shared VRF.
awplus(config)#access-list hardware access43
awplus(config-ip-hw-acl)#permit ip any 192.168.43.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware access44
awplus(config-ip-hw-acl)#permit ip any 192.168.44.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware access45
awplus(config-ip-hw-acl)#permit ip any 192.168.45.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware allow100_deny_private
awplus(config-ip-hw-acl)#permit ip any 192.168.100.0/24
awplus(config-ip-hw-acl)#deny ip any 192.168.0.0/16
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware allow_to_self_10
awplus(config-ip-hw-acl)#permit ip any 192.168.10.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware allow_to_self_20
awplus(config-ip-hw-acl)#permit ip any 192.168.20.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware allow_to_self_30
awplus(config-ip-hw-acl)#permit ip any 192.168.30.0/24
awplus(config-ip-hw-acl)#exit
awplus(config)#access-list hardware allow_to_self_40
awplus(config-ip-hw-acl)#permit ip any 192.168.40.0/24
awplus(config-ip-hw-acl)#exit
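
The first-match ordering described above can be checked offline before access groups are attached to a port. The following Python model is an added example, not part of the Allied Telesis manual: it evaluates destination addresses against the ACLs defined on this page and reports entries that an earlier entry makes unreachable. Assumptions: the third access group on the port is allow100_deny_private, only destination prefixes are modelled, and traffic matching no entry is reported as "no-match" rather than given a device default.

```python
import ipaddress

# ACL entries transcribed from the hardware ACLs on this page:
# name -> ordered (action, destination prefix); the source is always "any".
ACLS = {
    "allow_to_self_10": [("permit", "192.168.10.0/24")],
    "access43": [("permit", "192.168.43.0/24")],
    "allow100_deny_private": [("permit", "192.168.100.0/24"),
                              ("deny", "192.168.0.0/16")],
}

def evaluate(access_groups, dst):
    """Return (action, acl_name) for the first entry matching dst, walking
    the access groups in attachment order; ("no-match", None) otherwise."""
    addr = ipaddress.ip_address(dst)
    for name in access_groups:
        for action, prefix in ACLS[name]:
            if addr in ipaddress.ip_network(prefix):
                return action, name
    return "no-match", None

def shadowed(access_groups):
    """List entries that can never match because an earlier entry in the
    attachment order already covers their whole destination prefix."""
    seen, dead = [], []
    for name in access_groups:
        for action, prefix in ACLS[name]:
            net = ipaddress.ip_network(prefix)
            if any(net.subnet_of(earlier) for earlier in seen):
                dead.append((name, action, prefix))
            seen.append(net)
    return dead

# Assumed attachment order for the port (the third group is an assumption),
# and the same groups attached with the broad deny first.
ASSUMED_ORDER = ["allow_to_self_10", "access43", "allow100_deny_private"]
MISORDERED = ["allow100_deny_private", "allow_to_self_10", "access43"]

if __name__ == "__main__":
    for dst in ("192.168.10.5", "192.168.43.9", "192.168.20.5", "8.8.8.8"):
        print(dst, evaluate(ASSUMED_ORDER, dst), evaluate(MISORDERED, dst))
    print("unreachable when misordered:", shadowed(MISORDERED))
```

With the broad deny for 192.168.0.0/16 attached first, both specific permits become unreachable, which is the failure the ordering rule guards against.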