VLAN Access Control List (VACL) configuration in GNS3

Описание: VLAN (Virtual LAN) is a concept in which we divide the broadcast domain into smaller broadcast domains logically at layer 2. If we create different VLANs then by default, a host from one VLAN can communicate with all the hosts residing in the same VLAN. If we want some hosts not able to reach other hosts within the same VLAN, then the concept of VLAN Access-list or Private VLAN can be used. (Access-list, is a set of various permit or deny conditions, used for packet filtering)

VLAN ACL (VACL) –

VLAN ACL is used to filter traffic of a VLAN (traffic within a VLAN i.e traffic for destination host residing in the same VLAN). All packets entering the VLAN are checked against the VACL. Unlike Router ACL, VACL is not defined in a direction but it is possible to filter traffic based on the direction of the traffic by combining VACLs and Private VLAN features.

Procedure –

1. Define the standard or extended access list to be used in VACL –
An access list should be defined to identify the type of traffic and the hosts on which it is applied.

2. Define a VLAN access map –
A VLAN access-map is defined in which hosts IP address will be matched (using the access-list defined)

3. Configure an action clause in a VLAN access map sequence –
This will tell what action (forward or drop) should be taken on the traffic (defined in the VLAN access map)

4. Apply the VLAN access map to the specified VLANs –
The last step in the configuration of VACL is to create a filter list specifying, on which VLAN the access map has been applied.

VACLs are utilized for different purposes, including:

1. Security: VACLs can be utilized to control admittance to explicit VLANs, forestalling unapproved admittance to delicate organization assets. For instance, you can utilize a VACL to impede all traffic entering or leaving a VLAN, with the exception of approved clients.

2. Filtering: VACLs can be utilized to channel traffic in view of explicit models, for example, IP address or port number. This can assist with decreasing organization clog by restricting how much undesirable traffic on the organization.

3. Monitoring: VACLs can be utilized to screen network traffic entering or leaving a VLAN, giving perceivability into network movement. For instance, you can utilize a VACL to log all traffic entering or leaving a VLAN, making it conceivable to recognize potential security dangers or investigate network issues.

4. QoS: VACLs can be utilized to focus on network traffic entering or leaving a VLAN, guaranteeing that basic traffic gets the important data transfer capacity and diminishing the probability of blockage.

Source: https://www.geeksforgeeks.org/vlan-ac...