vlan access-map config trouble please help

esswok Member Posts: 74
hi

I just can't seem to get these commands correct, and wonder if someone could post an example of a correct config, or suggest my error.

This is my specific area of trouble, but this may not be limited to an upstream config error right.

this example can be found on page 399 Cisco press

sw1(config)#ip access-list extended local-17
sw1(config-acl)#permit ip host 192.168.99.17 192.168.99.0 0.0.0.255
sw1(config-acl)#exit
sw1(config)#vlan access-map block-17 10

^^^^^this is where I always get an error message^^^^^

sw1(config-access-map)#<<<(never goes into this config mode)

sw1(config-access-map)#


I am using a 2950/24 for practice, IOS v12.2

thanks for reading

Comments

  • pitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376
    Is the command available on the 2950?

    What do you see when you type the following:

    sw1(config)#vlan ?
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • pitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376
    Doesn't look like it's supported (possibly not at all on L2 only switches) - Some examples from 3 different platforms:

    2950(config)#vlan >?
    WORD

    2960(config)#vlan ?
    WORD ISL VLAN IDs 1-4094
    internal internal VLAN

    3560(config)#vlan ?
    WORD ISL VLAN IDs 1-4094
    access-map Create vlan access-map or enter vlan access-map command mode
    dot1q dot1q parameters
    filter Apply a VLAN Map
    group Create a vlan group
    internal internal VLAN
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • BroadcastStorm Member Posts: 496
    pitviper wrote: »
    Doesn't look like it's supported (possibly not at all on L2 only switches) - Some examples from 3 different platforms:

    2950(config)#vlan >?
    WORD

    2960(config)#vlan ?
    WORD ISL VLAN IDs 1-4094
    internal internal VLAN

    3560(config)#vlan ?
    WORD ISL VLAN IDs 1-4094
    access-map Create vlan access-map or enter vlan access-map command mode
    dot1q dot1q parameters
    filter Apply a VLAN Map
    group Create a vlan group
    internal internal VLAN

    VACLs are only supported on multilayer switches (MLS); the technology was derived from a 6500, and it looks like it's best used to redirect traffic on a SPAN port that is connected to a sniffer/security medium.
  • ConstantlyLearning Member Posts: 445
    BroadcastStorm wrote: »
    VACLs are only supported on multilayer switches (MLS); the technology was derived from a 6500, and it looks like it's best used to redirect traffic on a SPAN port that is connected to a sniffer/security medium.

    hmm, I'd be of the opinion that it's best/most used to control traffic flow within a VLAN. Although I'm open to correction. I doubt people do much more with SPAN/RSPAN traffic than just configuring the source and destination ports as part of the SPAN/RSPAN configuration.
    "There are 3 types of people in this world, those who can count and those who can't"
  • BroadcastStorm Member Posts: 496
    ConstantlyLearning wrote: »
    hmm, I'd be of the opinion that it's best/most used to control traffic flow within a VLAN. Although I'm open to correction. I doubt people do much more with SPAN/RSPAN traffic than just configuring the source and destination ports as part of the SPAN/RSPAN configuration.

    Yes, VACL is made for VLAN traffic flow control; my point was that I have really never seen this implemented on most networks.

    I'll try to recall and check which resource I got this from, but it tells about VACL on a 6500 switch redirecting VLAN traffic to an IDS/IPS device. I'll let people with experience chime in more on this.
  • BroadcastStorm Member Posts: 496
    ConstantlyLearning wrote: »
    hmm, I'd be of the opinion that it's best/most used to control traffic flow within a VLAN. Although I'm open to correction. I doubt people do much more with SPAN/RSPAN traffic than just configuring the source and destination ports as part of the SPAN/RSPAN configuration.

    Check the links below; they used VACLs on the RSPAN configuration.

    SPAN-RSPAN Across multiple switches (7th Response) - Toolbox for IT Groups

    http://netqos.wikispaces.com/RSPAN
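
Added example, not part of the thread or of the Cisco Press text: the access map the original post starts, completed for a platform whose `vlan ?` output lists `access-map` and `filter` (such as the 3560 shown above). The `match`/`action` lines, the sequence-20 clause and VLAN 99 in `vlan-list` are assumptions chosen to fit the 192.168.99.0 addresses in the post.

```cisco
! Constructed example. VLAN 99 and the sequence-20 clause are assumptions.
!
! The ACL from the original post. Inside a VLAN map the ACL only selects
! traffic: "permit" here means "this packet matches", not "forward it".
ip access-list extended local-17
 permit ip host 192.168.99.17 192.168.99.0 0.0.0.255
!
! Sequence 10: packets selected by local-17 are dropped inside the VLAN.
vlan access-map block-17 10
 match ip address local-17
 action drop
!
! Sequence 20: no match statement, so it matches everything else.
! Without this clause, IP packets that miss sequence 10 are dropped by
! default, because the map already contains an IP match clause.
vlan access-map block-17 20
 action forward
!
! A VLAN map does nothing until it is applied to one or more VLANs.
vlan filter block-17 vlan-list 99
!
! Check the result from privileged EXEC:
!   show vlan access-map block-17
!   show vlan filter
```

Unlike a router ACL on an SVI, the map applies to traffic switched within VLAN 99 as well as traffic routed into or out of it.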