Home > Others

VACL test for switch

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

A. Test topology:

R1------------SW1------------------(mac:2.2.2) R2

|

R3

R1,r2,r3 in VLAN11, R1 connection SW1 interface manually specify the MAC address for the 1.1.1,R2 connection SW1 interface manually specified MAC address is 2.2.2;

The IP address of the R1 interface is 10.1.1.1;

The IP address of the R2 interface is 10.1.1.2;

The IP address of the R3 interface is 10.1.1.3.

Two. Switch VACL the first configuration mode:

Mac Access-list Extended R2

Permit host 0002.0002.0002 Any (can only mask non-IP packets, such as ARP packets)

Access-list Permit IP host 10.1.1.3 any

VLAN ACCESS-MAP Test 10

Match IP Address 100

Action Drop

VLAN Access-map Test 20

Match MAC address R2

Action Drop

VLAN ACCESS-MAP Test 30

Action forward

!

VLAN Filter Test Vlan-list 11

Because SW1 rejected R2 packets (the ARP response packet was rejected), R1 and R3 do not have an ARP entry for the R2 interface address, which causes R1 to ping and Telnet R2, and if R1 manually add the ARP entry for the R2 interface address, R1 can pint and Telnet R2, It's OK to come back.

A.R1 PING R3

R1#ping 10.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.3, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

r3#

*feb 11:19:41.002:icmp:echo reply sent, src 10.1.1.3, DST 10.1.1.1

*feb 11:19:43.002:icmp:echo reply sent, src 10.1.1.3, DST 10.1.1.1

*feb 11:19:45.002:icmp:echo reply sent, src 10.1.1.3, DST 10.1.1.1

*feb 11:19:47.002:icmp:echo reply sent, src 10.1.1.3, DST 10.1.1.1

*feb 11:19:49.002:icmp:echo reply sent, src 10.1.1.3, DST 10.1.1.1

B.R3 PING R1

R3#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Turn on debug on R1 don't see packets arrive R1

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More