Chapter 23 Configuring Network Security
Configuring VLAN ACLs
This example shows how to define and apply a VLAN access map to forward IP packets. In this example, IP traffic matching net_10 is forwarded, and all other IP packets are dropped by the default drop action. The map is applied to VLANs 12 to 16:
Router(config)# vlan access-map thor 10
Router(config)# vlan filter thor
This example shows how to define and apply a VLAN access map to drop and log IP packets. In this example, IP traffic matching net_10 is dropped and logged and all other IP packets are forwarded:
Router(config)# vlan access-map ganymede 10
Router(config)# vlan
Router(config)# vlan filter ganymede
This example shows how to define and apply a VLAN access map to forward and capture IP packets. In this example, IP traffic matching net_10 is forwarded and captured and all other IP packets are dropped:
Router(config)# vlan access-map mordred 10
Router(config)# vlan filter mordred
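The three maps above, modelled as an added Python example (not Cisco's code and not part of the original document), to show how sequence order and the default drop action decide what happens to each IP packet. The contents of net_10 (10.0.0.0/8, matched on source address), the second ganymede sequence, and the sample addresses are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    seq: int               # access-map sequence number
    acl: tuple             # prefixes the matched IP ACL permits
    action: str            # "forward" or "drop"
    log: bool = False
    capture: bool = False


class Verdict(NamedTuple):
    action: str
    log: bool
    capture: bool
    seq: Optional[int]     # None means no entry matched (default action)


def nets(*prefixes):
    return tuple(ipaddress.ip_network(p) for p in prefixes)


NET_10 = nets("10.0.0.0/8")   # assumed contents of ACL net_10 (source match)
ANY_IP = nets("0.0.0.0/0")    # assumed catch-all ACL

MAPS = {
    "thor": [Entry(10, NET_10, "forward")],
    # Sequence 20 is assumed: it stands for "all other IP packets are forwarded".
    "ganymede": [Entry(10, NET_10, "drop", log=True), Entry(20, ANY_IP, "forward")],
    "mordred": [Entry(10, NET_10, "forward", capture=True)],
}


def evaluate(access_map, src_ip):
    """Walk entries in sequence order; the first matching entry decides."""
    addr = ipaddress.ip_address(src_ip)
    for entry in sorted(access_map, key=lambda e: e.seq):
        if any(addr in n for n in entry.acl):
            return Verdict(entry.action, entry.log, entry.capture, entry.seq)
    # No entry matched: the default drop action applies.
    return Verdict("drop", False, False, None)


if __name__ == "__main__":
    for name, access_map in MAPS.items():
        for src in ("10.1.2.3", "192.0.2.7"):   # constructed sample sources
            print(f"{name:9} {src:10} {evaluate(access_map, src)}")
```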
Configuring a Capture Port
A port configured to capture
Note To apply IEEE 802.1Q or ISL tags to the captured traffic, configure the capture port to trunk unconditionally (see the “Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk” section on page
To configure a capture port, perform this task:
| | Command | Purpose |
|---|---|---|
| Step 1 | Router(config)# interface {{type1 slot/port} | Specifies the interface to configure. |
| Step 2 | vlan {add all except remove} vlan_list | (Optional) With Release 12.1(13)E and later releases, filters the captured traffic on a basis. The default is all. |
| | vlan | Clears the configured destination VLAN list and returns to the default value (all). |
| Step 3 | | Configures the port to capture |
| | | Disables the capture function on the interface. |

1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
Cisco 7600 Series Router Cisco IOS Software Configuration