VACL – VLAN Access Lists

IP access control lists – ACLs are used by routers to deny or forward specific traffic from passing through some network interface. We can say that ACLs are used when traffic travels from one network address space to other. Cisco Catalyst switch can also have an ACL applied within a VLAN. This special kind of ACL is called a VLAN access control list – VACL.

First configuration here is showing us how to configure a VACL that permits Telnet traffic to a host, which have the IP address 10.2.2.13,e and stopping all other traffic. In this example there is a vlan access-map named YESTOTELNET that is configured to match access list 120. For sequence number 10, the specified action is to forward traffic matching that access list. All other traffic is dropped because of a default implicit drop instruction, which drops all traffic not explicitly permitted. Finally, the VLAN filter (that is, the VACL) is applied to VLANs in the range 1 to 50.

Continue reading