Sunday, August 30, 2009

Finished BCMSN Lab Portfolio

Well, I finished up the lab portfolio today!!!! Hooraaahhh
I felt that I finished up pretty strong writing some VACLS on one of my switches.  Basically permitting a host to still use its default gateway, but blocking it from reaching other hosts on the vlan.  Config is as follows:

dsl2(config)#ip access-list extended temp-host
dsl2(config-ext-nacl)#permit ip host - id what you are identifying

dsl2(config)#vlan access-map block-temp 10 -create "access-map"
dsl2(config-access-map)#match ip address temp-host
dsl2(config-access-map)#action ?
  drop     Drop packets
  forward  Forward packets
dsl2(config-access-map)#action drop - drop packets from
dsl2(config-access-map)#vlan access-map block-temp 20
dsl2(config-access-map)#action forward -permit all others (there is still an implicit deny at the end)

dsl2(config)#vlan filter block-temp vlan-list 200 - identify the access-map with a specific vlan
dsl2#sh vlan access-map - check your work
Vlan access-map "block-temp"  10
  Match clauses:
    ip  address: temp-host
Vlan access-map "block-temp"  20
  Match clauses:
I did test this with a host in vlan 200 with the ip address of   It worked flawlessly.  The host could not communicate within the vlan, but could still get out to others and the internet.

So, now its on to a little review, some practice questions, reinforcement labbing, and then the exam pretty soon!  I will keep everyone posted (the few that may ever see this anyways!).

No comments:

Post a Comment