Vlan access-map

From: Djerk Geurts (djerk@djerk.nl)
Date: Tue Jul 24 2007 - 17:14:59 ART


Hi everyone,

Just going over my notes and was reminded of the following config:

Allow only http on a VLAN

vlan access-map only-http 10
 action forward
 match ip address http
!
ip access-list extended http
 permit tcp any any eq www
!
vlan filter only-http vlan-list 11

Now, is this the best way to apply an ACL to a VLAN, or should an interface
ACL be used? In my head I'd say the above if L3 inspection of an L2 VLAN is
the objective, as one can apply the ACL to the VLAN without applying it
to a VLAN interface, which IMHO is L3 (bar bridging and MPLS configurations).

Is my recap correct?

-- 
Djerk
www.djerk.nl
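
An added example, not part of the original post: a small Python model of how a VLAN access-map like the one above is evaluated, useful for checking which packets on the VLAN the filter forwards. Assumptions: Catalyst VLAN map semantics (no direction, first matching sequence decides, IP traffic matching no sequence is dropped, non-IP traffic is forwarded when the map has no MAC match clause); the sample packets and the two-way ACL variant are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    kind: str        # "ip" or "non-ip" (ARP, for example)
    proto: str = ""  # "tcp" / "udp" for IP packets
    sport: int = 0
    dport: int = 0

# ACL entries as (proto, source port, destination port); None means "any".
# Addresses are left out because the posted ACL uses "any any".
POSTED_ACLS = {"http": [("tcp", None, 80)]}  # permit tcp any any eq www
# Hypothetical variant (not from the post) that also permits the replies.
TWO_WAY_ACLS = {"http": [("tcp", None, 80), ("tcp", 80, None)]}

# vlan access-map only-http 10 / action forward / match ip address http
ONLY_HTTP = [(10, "forward", "http")]

def acl_permits(entries, pkt):
    return any(
        proto == pkt.proto
        and sport in (None, pkt.sport)
        and dport in (None, pkt.dport)
        for proto, sport, dport in entries
    )

def vacl_action(access_map, acls, pkt):
    # The map has no MAC match clause, so non-IP frames are not filtered.
    if pkt.kind != "ip":
        return "forward"
    # Sequences are tried in order; the first matching ACL decides.
    for _seq, action, acl_name in sorted(access_map):
        if acl_permits(acls[acl_name], pkt):
            return action
    # IP packet matching no sequence: implicit drop.
    return "drop"

# Constructed sample traffic on VLAN 11.
REQUEST = Packet("ip", "tcp", sport=49152, dport=80)  # client -> web server
REPLY = Packet("ip", "tcp", sport=80, dport=49152)    # web server -> client
DNS = Packet("ip", "udp", sport=49153, dport=53)
ARP = Packet("non-ip")

def verdicts(acls):
    pkts = {"request": REQUEST, "reply": REPLY, "dns": DNS, "arp": ARP}
    return {name: vacl_action(ONLY_HTTP, acls, p) for name, p in pkts.items()}

if __name__ == "__main__":
    print("posted ACL :", verdicts(POSTED_ACLS))
    print("two-way ACL:", verdicts(TWO_WAY_ACLS))
```

Because a VLAN filter has no direction, the same map sees both the request and the reply; an ACL applied inbound on a VLAN interface would only see routed traffic entering that interface.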


This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART