VLAN ACLs Flashcards

1
Q

What are VLAN ACLs used for?

A

Regulating intra-VLAN traffic on L3 switches.

2
Q

VLAN ACLs are not used for inter-VLAN traffic because this can be accomplished by what?

A

Regular or extended ACLs.

3
Q

What are the four steps in creating and applying a VLAN ACL?

A

1. Create an ACL.
2. Create a VLAN ACL, tie your ACL to it, and set your action.
3. Apply your VLAN ACL to a VLAN.

4
Q

What command will put you into VLAN ACL config mode?

A

vlan access-map _(name)_

5
Q

What happens if you do not specify an ACL to match in your VLAN ACL?

A

The VLAN ACL will apply to all traffic.

6
Q

What do you not have to specify on a VLAN ACL when applying it?

A

Whether to apply it to inbound/outbound.

7
Q

Refer to the exhibit. Which statement is true?

Router(config)# vlan access-map pass 10
Router(config-access-map)# match ip address ABC
Router(config-access-map)# action forward
Router(config)# vlan filter pass vlan-list 5-10

A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.

A

Answer: D

Explanation

Each VACL has an implicit “deny all” statement at the end, just like a regular ACL. The exhibit shows that the VACL “pass” is applied to VLANs 5 to 10 with “action forward”, so all traffic in VLANs 5-10 that matches access list ABC is forwarded, and other traffic in VLANs 5 to 10 is dropped.

8
Q

VLAN maps have been configured on switch R1. Which of the following actions are taken in a VLAN map that does not contain a match clause?

A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list.
D. Implicit forward feature at start of list.

A

Answer: A

Explanation

If a VLAN map does not contain a match clause, it matches all types of traffic. The question may not be clear, but it should be understood as “Which of the following actions are taken in a VLAN map that does not match a match clause?”.

9
Q

Refer to the exhibit. What will happen to the traffic within VLAN 14 with a source address of 172.16.10.5?

Switch# show ip access-lists net_10
Extended IP access list net_10
10 permit ip 10.0.0.0 0.255.255.255 any
Switch# conf t
Switch(config)# vlan access-map thor 10
Switch(config-access-map)# match ip address net_10
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan filter thor vlan-list 12-16

A. The traffic will be forwarded to the router processor for further processing.
B. The traffic will be dropped.
C. The traffic will be forwarded to the TCAM for further processing.
D. The traffic will be forwarded to without further processing.

A

Answer: B

Explanation

The source address 172.16.10.5 does not match access list net_10. Something like this is implied at the end of the access map:

vlan access-map thor
action drop

So the traffic from 172.16.10.5 is dropped, and B is correct.

10
Q

How are VACLs configured?

A

as a VLAN access map

11
Q

How are VACLs applied?

A

to a VLAN and not to a VLAN interface (SVI)

12
Q

What does *VACL* stand for?

A

VLAN Access List

13
Q

What is a *VACL*?

A

A VACL is applied to VLANs and configured similarly to route-maps.

14
Q

What does the *VACL Forward* action do?

A

VACL Forward allows traffic to be forwarded.

15
Q

What does the *VACL Drop* action do?

A

VACL Drop drops traffic.

16
Q

What does the *VACL Redirect* action do?

A

VACL Redirect sets a new destination interface.

17
Q

What does the *VACL Capture* action do?

A

VACL Capture is an enhancement of forward and allows forwarded traffic to be captured similar to SPAN.

18
Q

What configuration commands set up a *VACL Access Map*?

A
  • Sw1(config)# vlan access-map <map-name> [seq-num]
  • Sw1(config-access-map)# match ip address {acl}
  • Sw1(config-access-map)# action {action}
19
Q
A
20
Q

What configuration commands set up a *VACL Filter*?

A

Sw1(config)# vlan filter <map-name> vlan-list <vlan-ids>

21
Q

What useful show commands verify a *VACL*?

A

Sw1# show vlan access-map

Sw1# show vlan filter

22
Q
A