PrepAway - Latest Free Exam Questions & Answers

Which statement is true?

Refer to the exhibit.

Which statement is true?

PrepAway - Latest Free Exam Questions & Answers

A.
IP traffic matching access list ABC is forwarded through VLANs 5-10.

B.
IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.

C.
All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list ABC is
dropped.

D.
All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other traffic is
dropped.

Explanation:
VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN
maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or
are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike router
ACLs, VLAN maps are not defined by direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps:
• Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the
VLAN. This access-list will select the traffic that will be either forwarded or dropped by the accessmap. Only traffic matching the ‘permit’ condition in an access-list will be passed to the access-map

for further processing.
• Enter the vlan access-map access-map-name [sequence] global configuration command to
create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these
entries is determined by the sequence. If no sequence number is entered, access-map entries are
added with sequence numbers in increments of 10.
• In access map configuration mode, optionally enter an action forward or action drop. The default
is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet
(with only a known MAC address), and to match the packet against one or more ACLs (standard
or extended).
• Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a
VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html#wp1061021


Leave a Reply