Configuring Layer 2 Access Lists/vACLs

Introduction

If the switch is a multilayer switch, you can restrict intra-VLAN traffic, provided that the traffic passes through the switch.

Step 1: Define Access List

ip access-list extended PROTECT-PHONE
 permit ip 10.0.15.0 0.0.0.255 10.0.15.0 0.0.0.255

Step 2: Define Access Map

vlan access-map PROTECT-PHONE 10
 action drop
 match ip address PROTECT-PHONE
vlan access-map PROTECT-PHONE 20
 action forward

Step 3: Bind to VLAN (VLAN 15 in my case)

vlan filter PROTECT-PHONE vlan-list 15

This will only work for traffic that passes through the switch.
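
The effect of the three steps can be checked offline with a small model of how the access map is evaluated: in a VACL, "permit" in the ACL only means "this packet matches", and the map's action decides what happens to it. This is an added example, not part of the original page; the sample addresses are constructed and the model covers only source/destination IP matching.

```python
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

# ip access-list extended PROTECT-PHONE (entries in configured order)
ACLS = {
    "PROTECT-PHONE": [
        ("permit", "10.0.15.0", "0.0.0.255", "10.0.15.0", "0.0.0.255"),
    ],
}

# vlan access-map PROTECT-PHONE: (sequence, ACL in the match clause, action)
ACCESS_MAP = [
    (10, "PROTECT-PHONE", "drop"),
    (20, None, "forward"),  # no match clause: every packet matches
]

def acl_permits(acl_name, src, dst):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for verdict, s_base, s_wild, d_base, d_wild in ACLS[acl_name]:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return verdict == "permit"
    return False

def vacl_action(src, dst):
    """Return (sequence, action) of the first map entry the packet matches."""
    for seq, acl_name, action in sorted(ACCESS_MAP, key=lambda e: e[0]):
        if acl_name is None or acl_permits(acl_name, src, dst):
            return seq, action
    # Assumption in this model: a packet matching no entry is dropped.
    return None, "drop"

# Constructed sample packets (source, destination) seen in VLAN 15.
SAMPLES = [
    ("10.0.15.21", "10.0.15.22"),     # phone to phone inside the VLAN
    ("10.0.15.21", "10.0.15.1"),      # any other address in the same /24
    ("10.0.15.21", "10.0.20.5"),      # phone to a host in another subnet
    ("0.0.0.0", "255.255.255.255"),   # DHCP discover from a booting phone
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>12} -> {dst:<16} {vacl_action(src, dst)}")
```

The second sample shows that every destination inside 10.0.15.0/24 hits sequence 10, so an address in that range that phones must reach would need its own forward entry at a lower sequence number.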