Example 143 Configuring a VLAN

3550_switch(config)#vlan access-map allow_ip 10

! Define the VLAN map 'allowip'

3550_s(config-access-map)#action forward

! Forward ACL permitip

3550_s(config-access-map)#match ip address permitip ! Call ACL permitip 3550_s(config-access-map)#exit 3550_switch(config)#

3550_switch(config)#ip access-list extended permitip

! ACL permitip

3550_swi(config-ext-nacl)#permit ip host 172.16.100.7 host 172.16.100.3 3550_swi(config-ext-nacl)#permit ip host 172.16.100.3 host 172.16.100.7 3550_swi(config-ext-nacl)#exit 3550_switch(config)#

3550_switch(config)#vlan filter allow_ip vlan-list 100

! Apply VLAN map to VLAN 100 3550_switch(config)#

To verify the VLAN map, use the show vlan access-map and the show access-list commands to configuration.

MAC filte rs cvn u se VLAN maps to control nonroutable traffic such as NetBIOS or Systems Network (SNA).Example 1-44 lists the configuration used to prevent nonsecure hosts from communicating w other vip nonrou table proooco^ Norte that this mlp controlo nonrohted traffic an d wiN have no imp-example a Mows nonroutable traffic between the two MAC addresses 0000.1058.0792 and 00e0.1e5 the rest of the network, but the two hosts cannot talk to each other.

0 0

Post a comment