23-13
Cisco7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter23 Configuring Network Security
Configuring VLAN ACLs
When defining a VLAN access map, note the following syntax information:
•To insert or modify an entry, specify the map sequence number.
•If you do not specify the map sequence number, a number is automatically assigned.
•You can specify only one match clause and one action clause per map sequence.
•Use the no keyword with a sequence number to remove a map sequence.
•Use the no keyword without a sequence number to remove the map.
See the “VLAN Access Map Configuration and Verification Examples” section on page23-15.
Configuring a Match Clause in a VLAN Access Map SequenceTo configure a match clause in a VLAN access map sequence, perform this task:
When configuring a match clause in a VLAN access map sequence, note the following syntax
information:
•You can select one or more ACLs.
•VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs.
•Use the no keyword to remove a match clause or specified ACLs in the clause.
•For information about named MAC-Layer ACLs, refer to the “Configuring MAC-Layer Named
Access Lists (Optional)” section on page 32-39.
•For information about Cisco IOS ACLs, refer to the Cisco IOS Security Configuration Guide,
Release 12.1, “Traffic Filtering and Firewalls,” “Access Control Lists: Overview and Guidelines,”
at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/index.htm
See the “VLAN Access Map Configuration and Verification Examples” section on page23-15.
Command Purpose
Router(config-access-map)# match {ip address {1-199 |
1300-2699 | acl_name} | ipx address {800-999 |
acl_name}| mac address acl_name}
Configures the match clause in a VLAN access map sequence.
Router(config-access-map)# no match {ip address
{1-199 | 1300-2699 | acl_name} | ipx address {800-999
| acl_name}| mac address acl_name}
Deletes the match clause in a VLAN access map sequence.