At 8:40 I saw you have a MAC access list. I have been searching for an example of MAC access list applied on a VLAN access map. Cisco TAC has been unhelpful. Can you PLEASE make a lab like that? Or point out where you have already done so? Thank you sir in advance
It has been said in the vidoe that VACLs will be applied in interface but is seen to be config mode with juat specifying the vlan, moreover cisco CCNP 300-115 Official Cert Guide tells you that the packets within a VLAN can be filtered, it cant be filtered from one VLAN to rhe other
hi - is it possible to deny the entire subnet 192.168.1.0 in your lab on vlan 10 from pinging vlan 20? conf t access-list 5 permit 192.168.1.0 vlan access-map ccie 10 match ip address 5 action drop exit vlan access-map ccie 20 vlan filter ccie vlan-list 20 would the above be ok? saj
+Samih Khan we can filter the complete subnet as well but in case if you want to deny other networks we an use ACL on SVI interface after inter vlan as well
At 8:40 I saw you have a MAC access list. I have been searching for an example of MAC access list applied on a VLAN access map.
Cisco TAC has been unhelpful.
Can you PLEASE make a lab like that? Or point out where you have already done so?
Thank you sir in advance
It has been said in the vidoe that VACLs will be applied in interface but is seen to be config mode with juat specifying the vlan, moreover cisco CCNP 300-115 Official Cert Guide tells you that the packets within a VLAN can be filtered, it cant be filtered from one VLAN to rhe other
What kind of lab kit do you use?
At 9.14 Minutes : SW1 ( Config_ : vlan access-map CCIE 10 command is being accepted . kindly help . I can't check the config without this
Please, explaing to me sir. I dont know how wrok the filter mode in this tutorial.
In my switch
vlan access-map command it's not showing ,,could you tell me why
same here . Did you get any solution or reply
'
hi - is it possible to deny the entire subnet 192.168.1.0 in your lab on vlan 10 from pinging vlan 20?
conf t
access-list 5 permit 192.168.1.0
vlan access-map ccie 10
match ip address 5
action drop
exit
vlan access-map ccie 20
vlan filter ccie vlan-list 20
would the above be ok?
saj
+Samih Khan we can filter the complete subnet as well but in case if you want to deny other networks we an use ACL on SVI interface after inter vlan as well
thanxx