Thursday, 25 October 2012

Switch Based Access Control

  • Control access to and from devices in the same VLAN using MAC address:
#conf t
#vlan access-map MAC_DENY 10
#action drop
#match mac address MAC_DENY_ACL

 #mac access-list extended MAC_DENY_ACL
#permit host 0000.0000.0001 host 0000.0000.0002

 #vlan filter MAC_DENY vlan-list 100

 This means traffic from 0000.0000.0001 to 0000.0000.0002 will be dropped in VLAN 100
  • Control access to and from devices in the same VLAN using IP address:
#conf t

#vlan access-map IP_DENY 10
#action drop
#match ip address 150

 #access-list 150 permit ip host 192.168.199.1 host 192.168.199.2

 #vlan filter IP_DENY vlan-list 100

 This means traffic from 192.168.199.1 to  192.168.199.2 will be dropped in VLAN 100
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)