An example of configuring ACLs to secure the VLANs of a switch

Source: Internet
Author: User

This article shows, by example, how ACL configuration secures the VLANs of a switch. The VLAN security problem of a switch is unfamiliar to many people; that does not matter. After reading this article you will have a clear picture of two techniques: a VLAN access control list (VACL) that filters the traffic passing through a VLAN, and private VLANs that restrict which ports inside a VLAN can reach each other.

As you know, an ACL is an ordered table of rules. The switch evaluates these rules in sequence against every packet that enters a port, and each rule either permits or denies the packet based on its attributes (such as source address, destination address and protocol). An access list can therefore control the traffic flowing through the switch.

ACL-based control of inbound and outbound access ensures that network devices are not accessed illegally or used as springboards for attacks.
Configure a VACL on the switch
Switch(config)# vlan access-map test1
// Define a VLAN access map named test1
Switch(config-access-map)# match ip address 101
// Match packets permitted by IP ACL 101 (ACL 101 must be defined before the map is applied)
Switch(config-access-map)# action forward
// Forward matching packets
Switch(config)# vlan access-map test2
// Define a VLAN access map named test2
Switch(config-access-map)# match ip address 102
// Match packets permitted by IP ACL 102
Switch(config-access-map)# action forward
// Forward matching packets
Apply the VACL
Switch(config)# vlan filter test1 vlan-list 10
// Apply test1, configured above, to VLAN 10
Switch(config)# vlan filter test2 vlan-list 20
// Apply test2, configured above, to VLAN 20
Note that a VLAN access map ends with an implicit deny: a packet on VLAN 10 or 20 that matches none of the map's entries is dropped, so ACLs 101 and 102 must permit every flow that is supposed to pass through those VLANs.
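The VACL evaluation described above, modelled in Python as an added example (not code from the original article): access-map entries are tried in sequence order, the first entry whose match ACL permits the packet decides the action, and a packet that matches no entry is dropped. The contents of ACLs 101 and 102 and the packets are constructed sample values, since the article does not show them; the check_acl_references function catches the configuration error of a match clause that names an ACL that was never defined.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclEntry:
    permit: bool   # permit = "this packet matches", deny = "keep looking"
    src: str       # source prefix in CIDR notation
    dst: str       # destination prefix in CIDR notation


@dataclass(frozen=True)
class MapEntry:
    acl: int       # IP ACL referenced by "match ip address <acl>"
    action: str    # "forward" or "drop"


@dataclass(frozen=True)
class Packet:
    vlan: int
    src: str
    dst: str


# Constructed sample contents for ACLs 101 and 102 (the article does not show them).
ACLS = {
    101: [AclEntry(True, "10.1.10.0/24", "10.1.0.0/16")],
    102: [AclEntry(True, "10.1.20.0/24", "10.1.20.0/24")],
}

# The access maps and "vlan filter" bindings as the article configures them.
ACCESS_MAPS = {
    "test1": [MapEntry(101, "forward")],
    "test2": [MapEntry(102, "forward")],
}
VLAN_FILTER = {10: "test1", 20: "test2"}


def check_acl_references(access_maps=ACCESS_MAPS, acls=ACLS):
    """Return (map name, acl) pairs whose ACL has not been defined."""
    return [(name, e.acl) for name, entries in access_maps.items()
            for e in entries if e.acl not in acls]


def acl_matches(acl_id, pkt, acls=ACLS):
    """A packet matches an ACL when the first entry covering it is a permit.

    A deny entry, or no covering entry at all (the implicit deny at the end
    of an ACL), means "does not match" for the purposes of a VACL match clause.
    """
    for e in acls[acl_id]:
        if ip_address(pkt.src) in ip_network(e.src) and ip_address(pkt.dst) in ip_network(e.dst):
            return e.permit
    return False


def vacl_action(pkt, vlan_filter=VLAN_FILTER, access_maps=ACCESS_MAPS, acls=ACLS):
    """Decide what the switch does with pkt on its VLAN."""
    name = vlan_filter.get(pkt.vlan)
    if name is None:
        return "forward"                     # VLAN has no VACL: nothing is filtered
    for entry in access_maps[name]:          # entries are tried in sequence order
        if acl_matches(entry.acl, pkt, acls):
            return entry.action              # first matching entry wins
    return "drop"                            # implicit deny: no entry matched


if __name__ == "__main__":
    print("undefined ACLs referenced:", check_acl_references())
    # Constructed packets: the second and third match no entry and are dropped.
    for pkt in (Packet(10, "10.1.10.5", "10.1.20.7"),
                Packet(10, "10.1.30.5", "10.1.20.7"),
                Packet(20, "10.1.20.5", "10.1.10.7"),
                Packet(30, "10.1.30.5", "10.1.10.7")):
        print(pkt, "->", vacl_action(pkt))
```

The third packet is the case worth noticing: ACL 102 only permits traffic that stays inside 10.1.20.0/24, so a host on VLAN 20 sending to VLAN 10 hits the implicit deny of test2 and is silently dropped, even though the map contains no drop action at all.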

How to configure VLAN security with private VLANs on the switch
Define secondary VLANs 10, 20 and 30 as community VLANs
Switch(config)# vlan 10
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan community
Switch(config)# vlan 30
Switch(config-vlan)# private-vlan community
Define primary VLAN 100 and associate it with all the secondary VLANs
Switch(config)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 10,20,30

Set the private-VLAN mode of each port to host or promiscuous, then configure the host association (for host ports) or the mapping (for promiscuous ports).
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 100 30
// Host port placed in community VLAN 30 of primary VLAN 100
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 100 10,20,30
// Promiscuous port (typically the uplink or gateway port) that can reach all three secondary VLANs
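The port rules of the private-VLAN setup above, modelled in Python as an added example (not code from the original article): a validator for host associations, which rejects a port that names a VLAN that is not a primary or a secondary that was never associated with it, and a reachability check that applies the private-VLAN forwarding rules. Primary VLAN 100 and community VLANs 10, 20 and 30 are the article's values; the interface names are constructed, and VLAN 40 is a constructed isolated secondary added to show the other standard secondary type, which the article does not cover.

```python
PRIMARY = 100
# Secondary VLAN -> type. 10, 20 and 30 are the article's community VLANs;
# VLAN 40 is a constructed isolated secondary added to show the other type.
SECONDARY = {10: "community", 20: "community", 30: "community", 40: "isolated"}
# Equivalent of "private-vlan association 10,20,30,40" on the primary VLAN
ASSOCIATION = {PRIMARY: set(SECONDARY)}

# Constructed port table: interface -> (mode, primary VLAN, secondary VLAN or None).
# Gi1/0/1 carries the article's "host-association 100 30".
PORTS = {
    "Gi1/0/1":  ("host", 100, 30),
    "Gi1/0/2":  ("host", 100, 30),
    "Gi1/0/3":  ("host", 100, 10),
    "Gi1/0/4":  ("host", 100, 40),
    "Gi1/0/5":  ("host", 100, 40),
    "Gi1/0/24": ("promiscuous", 100, None),  # mapping 100 10,20,30,40
}


def validate_ports(ports=PORTS, association=ASSOCIATION):
    """Reject host associations that name an unknown primary or an unassociated secondary."""
    problems = []
    for name, (mode, primary, secondary) in ports.items():
        if primary not in association:
            problems.append(f"{name}: VLAN {primary} is not a primary private VLAN")
        elif mode == "host" and secondary not in association[primary]:
            problems.append(f"{name}: secondary VLAN {secondary} is not associated with primary {primary}")
    return problems


def can_talk(a, b, ports=PORTS, secondary=SECONDARY):
    """Layer-2 reachability between two ports under private-VLAN rules."""
    mode_a, prim_a, sec_a = ports[a]
    mode_b, prim_b, sec_b = ports[b]
    if prim_a != prim_b:
        return False                        # different private-VLAN domains
    if "promiscuous" in (mode_a, mode_b):
        return True                         # promiscuous ports reach every host port
    if sec_a != sec_b:
        return False                        # hosts in different secondaries are separated
    return secondary[sec_a] == "community"  # community hosts talk; isolated hosts do not


def reachability_matrix(ports=PORTS):
    """Pairwise reachability for every port, useful for reviewing a planned layout."""
    names = sorted(ports)
    return {a: {b: can_talk(a, b, ports) for b in names if b != a} for a in names}


if __name__ == "__main__":
    print("configuration problems:", validate_ports())
    for src, row in reachability_matrix().items():
        reachable = [dst for dst, ok in row.items() if ok]
        print(f"{src} can reach: {reachable}")
```

The matrix makes the design point of the article visible: the two ports in community VLAN 30 reach each other and the promiscuous uplink but nothing in VLAN 10, while the two isolated-VLAN hosts reach only the uplink, so a compromised host on an isolated port cannot talk to its neighbour at layer 2.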
