From: Brandon Smithson (thesmithsons@verizon.net)
Date: Tue Jul 24 2007 - 20:06:18 ART
Isn't a vlan filter not bound to a direction? So you would add:

    permit tcp any eq www any

??
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Djerk Geurts
Sent: Tuesday, July 24, 2007 3:15 PM
To: 'Cisco certification'
Subject: Vlan access-map
Hi everyone,
Just going over my notes and was reminded of the following config:
Allow only http on a VLAN

    vlan access-map only-http 10
     action forward
     match ip address http
    !
    ip access-list extended http
     permit tcp any any eq www
    !
    vlan filter only-http vlan-list 11

Now is this the best way to apply an ACL to a vlan or should an interface
ACL be used? In my head I'd say the above if L3 inspection of a L2 vlan is
the objective. This as one can apply the ACL to the vlan without applying it
to a vlan interface which imho is L3 (bar bridging and MPLS configurations).
Is my recap correct?
-- Djerk www.djerk.nl
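
Added example, not part of either message: a small Python model of how the VLAN map in this thread treats a client's HTTP request and the server's reply, with and without the extra line suggested in the reply. It assumes a single access-map sequence and TCP-over-IP packets only; the addresses, ports and function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed sample packet (TCP over IPv4 only)."""
    src: str
    dst: str
    sport: int
    dport: int

# Each ACE is (source port, destination port); None stands for "any".
# Addresses are "any" in every line discussed in the thread, so they are not modelled.
ACL_POSTED = [(None, 80)]                    # permit tcp any any eq www
ACL_WITH_REPLY = [(None, 80), (80, None)]    # plus: permit tcp any eq www any

def acl_permits(acl, pkt):
    """True if any permit line of the extended ACL matches the packet's ports."""
    return any((sp is None or sp == pkt.sport) and
               (dp is None or dp == pkt.dport) for sp, dp in acl)

def vlan_map(acl, pkt):
    """One sequence: 'match ip address <acl>' / 'action forward'.
    A vlan filter has no in/out keyword, so the same check runs on every IP
    packet in the VLAN; an IP packet matching no sequence is dropped."""
    return "forward" if acl_permits(acl, pkt) else "drop"

def run(acl, packets):
    return [vlan_map(acl, p) for p in packets]

# Constructed traffic inside VLAN 11.
SAMPLE = [
    Packet("10.0.11.5", "10.0.11.80", 49152, 80),   # client -> server request
    Packet("10.0.11.80", "10.0.11.5", 80, 49152),   # server -> client reply
    Packet("10.0.11.5", "10.0.11.80", 49153, 22),   # non-HTTP traffic
]

if __name__ == "__main__":
    for name, acl in (("posted ACL", ACL_POSTED), ("with reply line", ACL_WITH_REPLY)):
        print(name)
        for pkt, verdict in zip(SAMPLE, run(acl, SAMPLE)):
            print(f"  {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```
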
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART