Cisco Systems 3560X Switch User Manual

Open as PDF

of 1438

37-34

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 37 Configuring Network Security with ACLs

Configuring VLAN Maps

Example 2

In this example, the VLAN map has a default action of drop for IP packets and a default action of forward

for MAC packets. Used with standard ACL 101 and extended named access lists igmp-match and

tcp-match, the map will have the following results:

• Forward all UDP packets

• Drop all IGMP packets

• Forward all TCP packets

• Drop all other IP packets

• Forward all non-IP packets

Switch(config)# access-list 101 permit udp any any

Switch(config)# ip access-list ex

tended igmp-match

Switch(config-ext-nacl)# permit i

gmp any any

Switch(config)# ip access-list ex

tended tcp-match

Switch(config-ext-nacl)# permit t

cp any any

Switch(config-ext-nacl)# exit

Switch(config)# vlan access-map d

rop-ip-default 10

Switch(config-access-map)# match

ip address 101

Switch(config-access-map)# action

forward

Switch(config-access-map)# exit

Switch(config)# vlan access-map d

rop-ip-default 20

Switch(config-access-map)# match

ip address igmp-match

Switch(config-access-map)# action

drop

Switch(config-access-map)# exit

Switch(config)# vlan access-map d

rop-ip-default 30

Switch(config-access-map)# match

ip address tcp-match

Switch(config-access-map)# action

forward

Example 3

In this example, the VLAN map has a default action of drop for MAC packets and a default action of

forward for IP packets. Used with MAC extended access lists good-hosts and good-protocols, the map

will have the following results:

• Forward MAC packets from hosts 0000.0c00.0111 and 0000.0c00.0211

• Forward MAC packets with decnet-iv or vines-ip protocols

• Drop all other non-IP packets

• Forward all IP packets

Switch(config)# mac access-list extended good-hosts

Switch(config-ext-macl)# permit h

ost 000.0c00.0111 any

Switch(config-ext-macl)# permit h

ost 000.0c00.0211 any

Switch(config-ext-nacl)# exit

Switch(config)# mac access-list e

xtended good-protocols

Switch(config-ext-macl)# permit a

ny any decnet-ip

Switch(config-ext-macl)# permit a

ny any vines-ip

Switch(config-ext-nacl)# exit

Switch(config)# vlan access-map d

rop-mac-default 10

Switch(config-access-map)# match

mac address good-hosts

Switch(config-access-map)# action

forward

Switch(config-access-map)# exit

Switch(config)# vlan access-map d

rop-mac-default 20

Switch(config-access-map)# match

mac address good-protocols

Switch(config-access-map)# action

forward

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems 3560X Switch User Manual