PrepAway - Latest Free Exam Questions & Answers

Which statement is true?

Refer to the exhibit.

Which statement is true?

PrepAway - Latest Free Exam Questions & Answers

A.
IP traffic matching access list ABC is forwarded through VLANs 5-10.

B.
IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.

C.
All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list
ABC is dropped.

D.
All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other
traffic is dropped.

Explanation:
VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch.
VLAN maps can be configured on the switch to filter all packets that are routed into or out of
a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet
filtering. Unlike router ACLs, VLAN maps are not defined by direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps:
• Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to
the VLAN. This access-list will select the traffic that will be either forwarded or dropped by
the access-map. Only traffic matching the ‘permit’ condition in an access-list will be passed
to the access-map for further processing.
• Enter the vlan access-map access-map-name [sequence] global configuration command to
create a VLAN ACL map entry. Each access-map can have multiple entries. The order of
these entries is determined by the sequence. If no sequence number is entered, access-map
entries are added with sequence numbers in increments of 10.
• In access map configuration mode, optionally enter an action forward or action drop. The
default is to forward traffic. Also enter the match command to specify an IP packet or a nonIP packet (with only a known MAC address), and to match the packet against one or more
ACLs (standard or extended).
• Use the vlan filter access-map-name vlan-list vlan-list global configuration command to
apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuratio
n/guide/vacl.html#wp1061021


Leave a Reply