IT support: VLAN packet filtering - vlan access-map command

Home
Cisco
- CCNA
- CCDP
- CCNP
- CCSP
- CCVP
- CCIE
- Cisco points
- Cisco solutions
- LAB
Microsoft
- MCSA
- MCSE
- Windows points
- Windows solutions
- LAB
IBM
- Storage points
- Tivoli
- Lotus
- Siebel
OTHERS
FORUM

VLAN packet filtering - vlan access-map command

[5/24/2010 09:31:00 PM | ]

vlan access-map

Use the vlan access-map global configuration command on the switch stack or on a standalone switch to create or modify a VLAN map entry for VLAN packet filtering. This entry changes the mode to the VLAN access map configuration. Use the no form of this command to delete a VLAN map entry. Use the vlan filter interface configuration command to apply a VLAN map to one or more VLANs.

vlan access-map name [number]

no vlan access-map name [number]

Syntax Description

name	Name of the VLAN map.
number	(Optional) The sequence number of the map entry that you want to create or modify (0 to 65535). If you are creating a VLAN map and the sequence number is not specified, it is automatically assigned in increments of 10, starting from 10. This number is the sequence to insert to, or delete from, a VLAN access-map entry.

Defaults

There are no VLAN map entries and no VLAN maps applied to a VLAN.

Command Modes

Global configuration

Command History

Release	Modification
12.1(11)AX	This command was first introduced.

Usage Guidelines

In global configuration mode, use this command to create or modify a VLAN map. This entry changes the mode to VLAN access-map configuration, where you can use the match access-map configuration command to specify the access lists for IP or non-IP traffic to match and use the action command to set whether a match causes the packet to be forwarded or dropped.

In VLAN access map configuration mode, these commands are available:

•action: sets the action to be taken (forward or drop).

• default: sets a command to its defaults

• exit: exits from VLAN access-map configuration mode

• match: sets the values to match (IP address or MAC address).

• no: negates a command or set its defaults

When you do not specify an entry number (sequence number), it is added to the end of the map.

There can be only one VLAN map per VLAN and it is applied as packets are received by a VLAN.

You can use the no vlan access-map name [number] command with a sequence number to delete a single entry.

In global configuration mode, use the vlan filter interface configuration command to apply the map to one or more VLANs.

Examples

This example shows how to create a VLAN map named vac1 and apply matching conditions and actions to it. If no other entries already exist in the map, this will be entry 10.

Switch(config)# vlan access-map vac1

Switch(config-access-map)# match ip address acl1

Switch(config-access-map)# action forward

This example shows how to delete VLAN map vac1:

Switch(config)# no vlan access-map vac1

Related Commands


Command	Description
action	Sets the action for the VLAN access map entry.
match (access-map configuration))	Sets the VLAN map to match packets against one or more access lists.
show vlan access-map	Displays information about a particular VLAN access map or all VLAN access maps.
vlan filter	Applies the VLAN access map to one or more VLANs.

vlan filter

Use the vlan filter global configuration command on the switch stack or on a standalone switch to apply a VLAN map to one or more VLANs. Use the no form of this command to remove the map.

vlan filter mapname vlan-list list

no vlan filter mapname vlan-list list

Syntax Description


mapname	Name of the VLAN map entry.
list	The list of one or more VLANs in the form tt, uu-vv, xx, yy-zz, where spaces around commas and dashes are optional. The range is 1 to 4094.

Defaults

There are no VLAN filters.

Command Modes

Global configuration

Command History


Release	Modification
12.1(11)AX	This command was first introduced.

Usage Guidelines

To avoid accidentally dropping too many packets and disabling connectivity in the middle of the configuration process, we recommend that you completely define the VLAN access map before applying it to a VLAN.

Examples

This example applies VLAN map entry map1 to VLANs 20 and 30:

Switch(config)# vlan filter map1 vlan-list 20, 30

This example shows how to delete VLAN map entry mac1 from VLAN 20:

Switch(config)# no vlan filter map1 vlan-list 20

You can verify your settings by entering the show vlan filter privileged EXEC command.

Related Commands


Command	Description
show vlan access-map	Displays information about a particular VLAN access map or all VLAN access maps.
show vlan filter	Displays information about all VLAN filters or about a particular VLAN or VLAN access map.
vlan access-map	Creates a VLAN map entry for VLAN packet filtering.

About Me

This is a personal blog about connectivity for learning - funny - sharing and reference, in my opinion, covers everything about IT network infrastructures and all of its related components, like new software and/or hardware from vendors like Cisco Systems, Microsoft, IBM, HP, CheckPoint, Juniper and other things and so on. So that some blogs also contain useful configuration examples, posts and articles, at least for me, from different network components. I created this blog to share my knowledge with other people and hopefully someone will share his knowledge with me ... contains blogs about everything related to IT network infrastructures. Most of the blogs contain experiences of myself during my work.

Who am I ... My name is Huynh Phi Long and currently I work as a IT network administrator at PPF - Homecredit.

You can contact to me by email: longhp@live.com

vlan access-map

Syntax Description

Defaults

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

vlan filter

Syntax Description

Defaults

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

About Me

Chat Box

Google Maps

Visitor Locations

Lunar Calendar

Link URL

Followers

English study

Others

Tham khảo Blogroll