The IP traffic to be redirected must match an ACL named tn1. Which of the following sets of commands should you issue?

Last Updated on August 1, 2021 by Admin 2

You want to configure your Catalyst 6500 switch to redirect certain IP traffic from VLANs 22 through 33 to the Gigabit Ethernet interface that resides at slot 4, port 1. The IP traffic to be redirected must match an ACL named tn1. Which of the following sets of commands should you issue?

  • vlan access-map 22-33
    match ip address tn1
    action redirect gigabitethernet 4/1
    vlan filter tn1
  • vlan access-map ge1
    match ip address tn1
    action redirect gigabitethernet 4/1
    vlan filter ge1 vlan-list 22-33
  • vlan access-map tn1
    match ip address ge1
    action redirect gigabitethernet 4/1
    vlan filter tn1 vlan-list 22 33
  • vlan access-map ge1
    match ip address tn1
    action redirect gigabitethernet 4/1
    vlan filter ge1 vlan-list 22 33

Explanation:

To appropriately configure your Catalyst 6500 switch in this scenario, you should issue the following commands:

Switch(config)# vlan access-map ge1
Switch(config-access-map)# match ip address tn1
Switch(config-access-map)# action redirect gigabitethernet 4/1
Switch(config-access-map)# exit
Switch(config)# vlan filter ge1 vlan-list 22-33

VLAN access control lists (VACLs) are used to control how packets are switched within a virtual local area network (VLAN). To configure a VACL, you should perform the following actions:

  • Define the VLAN access map by issuing the vlan access-map command.
  • Define the configured ACL that traffic must match for an action to be triggered by issuing the match command; any traffic that does not match the conditions specified by the configured ACL or ACLs is dropped.
  • Define the action that will be triggered when traffic matches the configured ACL by issuing the action command.
  • Apply the VACL to one or more VLANs by issuing the vlan filter command.

The syntax for the vlan access-map command is vlan access-map map-name [sequence-number], where map-name is the name assigned to the VLAN access map. The optional sequence-number parameter defines the order in which the access map statements are checked. Therefore, the command vlan access-map ge1 creates a VLAN access map named ge1 with no sequence number.

The match command can filter traffic based on IP address, IPX address, or Media Access Control (MAC) address. The syntax for the match command is match {ip address {acl-number | acl-name} | ipx address {acl-number | acl-name} | mac address acl-name}, where acl-number and acl-name are the number and name of the access list, respectively. Therefore, the command match ip address tn1 specifies that only traffic that matches ACL tn1 will trigger the action specified in the action command.

The action command will configure the VACL to drop, forward, or redirect traffic that matches the access list specified in the match command. The syntax for the action command is action {drop | forward | redirect interface slot/port}. Therefore, the command action redirect gigabitethernet 4/1 will redirect traffic that matches the access list to Gigabit Ethernet interface 4/1.

The syntax for the vlan filter command is vlan filter map-name {vlan-list vlan-list}, where map-name is the name of the VLAN access map and vlan-list is the VLAN or VLANs that should be filtered by the VACL. Therefore, the command vlan filter ge1 vlan-list 22-33 applies the VLAN access map named ge1 to VLANs 22 through 33.

The following command set incorrectly specifies the VLAN access map and filter:

Switch(config)# vlan access-map 22-33
Switch(config-access-map)# match ip address tn1
Switch(config-access-map)# action redirect gigabitethernet 4/1
Switch(config-access-map)# exit
Switch(config)# vlan filter tn1

The following command set incorrectly specifies the VLAN access map and the match statement. This command set is also missing the required hyphen in the list of VLANs specified after the vlan-list keyword:

Switch(config)# vlan access-map tn1
Switch(config-access-map)# match ip address ge1
Switch(config-access-map)# action redirect gigabitethernet 4/1
Switch(config-access-map)# exit
Switch(config)# vlan filter tn1 vlan-list 22 33

The following command set is missing the required hyphen in the list of VLANs specified after the vlan-list keyword:

Switch(config)# vlan access-map ge1
Switch(config-access-map)# match ip address tn1
Switch(config-access-map)# action redirect gigabitethernet 4/1
Switch(config-access-map)# exit
Switch(config)# vlan filter ge1 vlan-list 22-33
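
The checks that the explanation applies to each answer choice can be run offline before a change is pushed to a switch. The following Python is an added example, not part of the original page and not Cisco tooling: it confirms that vlan filter names a defined access map, that the map matches ACL tn1 and redirects to gigabitethernet 4/1, and that the vlan-list expands to VLANs 22 through 33. The function names and the comma/hyphen list expansion are assumptions of this example.

```python
# Added example: offline lint for a VACL command set (not Cisco tooling).
def expand_vlans(tokens):
    """Expand vlan-list items such as '22-33' or '22' into a set of VLAN IDs."""
    vlans = set()
    for item in " ".join(tokens).replace(",", " ").split():
        lo, _, hi = item.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def lint_vacl(commands, want_acl, want_action, want_vlans):
    """Return the problems found; an empty list means the set matches the intent."""
    problems, maps, current, filtered = [], {}, None, False
    for words in (line.split() for line in commands if line.strip()):
        if words[:2] == ["vlan", "access-map"]:
            current = words[2]
            maps[current] = {"acl": None, "action": None}
        elif words[:3] == ["match", "ip", "address"] and current:
            maps[current]["acl"] = words[3]
        elif words[0] == "action" and current:
            maps[current]["action"] = " ".join(words[1:])
        elif words[:2] == ["vlan", "filter"]:
            filtered = True
            entry = maps.get(words[2])
            if entry is None:
                problems.append(f"filter names undefined access map {words[2]}")
                continue
            if entry["acl"] != want_acl:
                problems.append(f"map matches ACL {entry['acl']}, expected {want_acl}")
            if entry["action"] != want_action:
                problems.append(f"map action is {entry['action']}, expected {want_action}")
            applied = expand_vlans(words[4:]) if words[3:4] == ["vlan-list"] else set()
            if applied != want_vlans:
                problems.append(f"filter covers VLANs {sorted(applied)}")
    if not filtered:
        problems.append("access map is never applied with vlan filter")
    return problems

# Intent from the question: ACL tn1, redirect to Gi4/1, VLANs 22 through 33.
INTENT = ("tn1", "redirect gigabitethernet 4/1", set(range(22, 34)))
BODY = ["match ip address tn1", "action redirect gigabitethernet 4/1"]
# The four answer choices from the question, one command per list item.
OPTIONS = [
    ["vlan access-map 22-33", *BODY, "vlan filter tn1"],
    ["vlan access-map ge1", *BODY, "vlan filter ge1 vlan-list 22-33"],
    ["vlan access-map tn1", "match ip address ge1", BODY[1], "vlan filter tn1 vlan-list 22 33"],
    ["vlan access-map ge1", *BODY, "vlan filter ge1 vlan-list 22 33"],
]

def check_options():
    """Lint every answer choice against the intent."""
    return [lint_vacl(cmds, *INTENT) for cmds in OPTIONS]
```

Only the second choice returns an empty problem list; the others are flagged for the undefined map name, the wrong ACL, or a vlan-list that expands to VLANs 22 and 33 only.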

Objective:
Infrastructure Security
Sub-Objective:
Configure and verify switch security features
