Configure VLAN access control list...

-

What is VLAN Access Control Lists (VACL) used for?

VLAN Access Control Lists (VACL) can be used to filter traffic within the same vlan

Scenario

Suppose a host is connected to VLAN 2 and we are required to drop all telnet traffic within VLAN 2.

Configuration

Make an access list to match telnet traffic
Router(config)#access-list 101 permit tcp any any eq telnet
Create VACL using the above ACL.
Drop telnet traffic and forward all other traffic
Router(config)#vlan access-map VACL_ACL 10
Router(config-access-map)#match ip address 101
Router(config-access-map)#action drop
Router(config-access-map)#exit
Router(config)#vlan access-map VACL_ACL 20
Router(config-access-map)#action forward
Router(config-access-map)#exit
Router(config)#
Apply VACL to VLAN 2.
Router(config)#vlan filter VACL_ACL vlan-list 2
Thats it for the configuration. If everything is configured properly, telnet traffic should be dropped within VLAN 2

Comments

Post a Comment

Popular posts from this blog

Upgrading the firmware on a standalone Fortigate unit or units in an HA cluster

-
Understanding upgrade paths: Each firmware version has an upgrade path requirement from older versions. Most of the time when you are in a MR (major release) patch level, you can upgrade straight to any patch level within the MR. ex: 1) currently, a fortigate unit is running 4.0 MR3 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You can simply upgrade it directly to 4.0 MR3 patch 11. Most of the time when you are upgrading from a MR to the next MR, you can upgrade straight to any patch level in the next MR as long as you are at the highest patch level in the lower/previous MR. ex: 1) currently, a fortigate unit is running 4.0 MR2 patch 3. 2) You wish to upgrade it to 4.0 MR3 patch 11. 3) You must first upgrade it to 4.0 MR2 patch 13 (highest 4.0 MR2 patch). 4) Then you can upgrade to 4.0 MR3 patch 11. You should ALWAYS refer to the release notes of the firmware release you wish to upgrade your unit. Even, for comfort, just open a ticket...
Read more

Traffic Shaping With Fortigate

-
FortiGate v4.0 Description This article describes the Traffic Shaping features that have been implemented in FortiOS 4.0 In FortiOS version 4.0, the traffic shaping has been enhanced. Diagnose commands allowing to verify each traffic shaper's usage and giving more configuration flexibility. See also the related articles at the end of this page for additional information. Solution Summary 1- Traffic shaping configuration is dissociated from the Firewall policies allowing multiple policies to use common configurations 2- Possibility to use independent configurations in policies for forward and reverse traffic directions 3- The P2P shaping capabilities are now defined at the application control level 4- Troubleshooting packet loss with statistics on traffic shaping configurations 5- Troubleshooting packet loss with the debug flow diagnose commands 6- Session list details with dual traffic shaper (forward and reverse traffic) 1- Traffic shaping configuration is di...
Read more