VACL stands for VLAN Access Control List. A VACL filters traffic on a VLAN rather than on a physical interface: it is evaluated for every packet bridged within the VLAN and for packets routed into or out of it, and it is enforced in the switch forwarding hardware (TCAM), so it adds no CPU load. Unlike a router ACL, a VACL has no direction and keeps no connection state, which matters when you write the rules.
To configure VACLs (also called VLAN access maps) on a Cisco Catalyst 9200 switch running IOS XE, perform the following steps from the command-line interface (CLI):
- Create an Access Control List (ACL)
You can create either a standard ACL or an extended ACL, depending on your specific requirements.
Here is an example of an extended ACL named “VACL_ACL” that matches SSH traffic (TCP port 22) to any destination. Note that in a VACL the ACL only classifies traffic: a “permit” entry means “this packet matches the access-map sequence that references the ACL”, and the sequence’s “action” (not the ACL) decides whether the packet is forwarded or dropped. The “any any” wildcard matches regardless of VLAN; to limit the rule to traffic from VLAN 10 to VLAN 20, replace it with the source and destination subnets of those VLANs.
switch(config)# ip access-list extended VACL_ACL
switch(config-ext-nacl)# permit tcp any any eq 22
switch(config-ext-nacl)# exit
switch(config)#
- Create a VLAN Access Map
Create a VLAN access map that associates the ACL with specific VLANs. In the access map, you define match criteria and specify the ACL to be applied.
switch(config)# vlan access-map VACL_MAP 10
switch(config-access-map)# match ip address VACL_ACL
switch(config-access-map)# action forward
switch(config-access-map)# exit
- Apply the VLAN Access Map to VLANs
Apply the VLAN access map to the VLANs where you want it enforced. There is no inbound or outbound keyword: a VACL is not directional, and the map is evaluated for every packet bridged within the listed VLANs and for packets routed into or out of them. Packets of a type the map has a match clause for (IP packets, when you use “match ip address”) that match no sequence are dropped, so if you only want to drop specific traffic and forward the rest, end the map with a sequence that matches a permit-ip-any-any ACL and uses “action forward”.
switch(config)# vlan filter VACL_MAP vlan-list 10
This command applies the access map “VACL_MAP” to VLAN 10; the vlan-list argument also accepts a range (for example 10-20) or a comma-separated list of VLANs.
- Verify the Configuration
Use the following show commands to verify the configuration of the VACL:
switch# show vlan access-map
switch# show vlan filter
These commands will display information about the configured VLAN access map and the applied VLAN filters.
- Save the Configuration
After configuring VACLs, save the running configuration to the startup configuration so that the filter survives a reload.
switch# write memory
These steps outline the basic configuration of VACLs on a Cisco Catalyst 9200 switch. Customize the ACLs and access maps according to your specific security requirements and network topology.
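The following is a complete worked example added here; it is not configuration from the original page. It carries the steps above through for the stated goal (hosts in VLAN 10 may reach VLAN 20 only over SSH) while keeping the VLAN working. The subnets 10.10.10.0/24 for VLAN 10 and 10.10.20.0/24 for VLAN 20, and all ACL and access-map names, are assumptions made for illustration. Because a VACL is stateless and also sees packets routed back into VLAN 10, the SSH return traffic (source port 22) must be permitted explicitly, and a final forward-everything sequence is needed so that intra-VLAN traffic, DNS and DHCP are not caught by the implicit drop.

```cisco
! Added worked example (not from the original page). Assumed addressing:
! VLAN 10 = 10.10.10.0/24 (clients), VLAN 20 = 10.10.20.0/24 (servers).

! 1. Classification ACLs. In a VACL "permit" means "this access-map
!    sequence matches"; the sequence's action decides forward or drop.
ip access-list extended VACL_SSH_TO_VLAN20
 remark Client-to-server SSH plus the stateless return traffic
 permit tcp 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 22
 permit tcp 10.10.20.0 0.0.0.255 eq 22 10.10.10.0 0.0.0.255

ip access-list extended VACL_VLAN20_OTHER
 remark Any other IP traffic between the two subnets (to be dropped)
 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255

ip access-list extended VACL_ANY_IP
 remark Catch-all used by the final forward sequence
 permit ip any any

! 2. Access map. Sequences are evaluated in order; the first match wins.
vlan access-map VLAN10_POLICY 10
 match ip address VACL_SSH_TO_VLAN20
 action forward
vlan access-map VLAN10_POLICY 20
 match ip address VACL_VLAN20_OTHER
 action drop
! Without this last sequence every IP packet that matches no sequence is
! dropped, including intra-VLAN traffic, DNS and DHCP in VLAN 10.
vlan access-map VLAN10_POLICY 30
 match ip address VACL_ANY_IP
 action forward

! 3. Apply to the VLAN. No direction keyword: the map is evaluated for
!    packets bridged within VLAN 10 and for packets routed into or out of it.
vlan filter VLAN10_POLICY vlan-list 10

! 4. Verify from exec mode, then save.
!   show vlan access-map VLAN10_POLICY
!   show vlan filter
!   show ip access-lists VACL_SSH_TO_VLAN20
!   copy running-config startup-config
```

Sequence 20 is what actually enforces the policy: it drops every non-SSH IP packet between the two subnets in either direction, while sequence 30 lets everything else in VLAN 10 through. Swap the action on sequence 30 to “drop” only if you really intend an allow-list for all IP traffic in the VLAN, and remember that non-IP frames (for example ARP) are not covered by “match ip address” clauses; filtering those requires a MAC ACL referenced with “match mac address”.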