Which Catalyst 6500 feature provides network-security enforcement based on Layer 2, Layer 3, and Layer 4 information on a VLAN?

Answer:

VLAN access control lists (VACLs) provide network-security enforcement based on Layer 2, Layer 3, and Layer 4 information on a VLAN.

VACLs can be used to provide security based on MAC address, source and destination IP address, Layer 4 protocols, or port numbers. The VACL acts on all traffic of a selected VLAN, whether bridged or switched. The actions performed on a packet can include permit, redirect, or deny. The VACL entries are checked in sequence, which is similar in concept to route-map structures.

The following procedure is used to create VACLs:

Define a VLAN access map:

    switch(config)# vlan access-map name [seq#]

Configure a match clause:

    switch(config-access-map)# match {ip address {1-99 | 1300-2699 | acl_name} | mac address acl_name}

Configure an action clause:

    switch(config-access-map)# action {drop | forward | redirect}

Apply the map to a VLAN:

    switch(config)# vlan filter map_name vlan-list list

Once created, you should verify the VACLs using the following commands:

    switch# show vlan access-map map_name
    switch# show vlan filter

In the sample configuration shown below, all traffic in VLANs 1 through 3 that matches access list SAFE will be forwarded. All other traffic will be dropped.

    switch(config)# vlan access-map cisco 10
    switch(config-access-map)# match ip address SAFE
    switch(config-access-map)# action forward
    switch(config)# vlan filter cisco vlan-list 1-3

If access list cisco were configured as shown below, for example, traffic with a source address of 172.16.10.8 would be dropped.

    Switch# show ip access-list cisco 10
    Extended ip access list cisco 10
    10 permit 10.0.0.0 255.255.255.0 any

Objective: Infrastructure Security

Sub-Objective: Configure and verify switch security features

References:

Cisco > Home > Support > Product Support > End-of-Sale and End-of-Life Products > Cisco Catalyst 6000 Series Switches > Configure > Configuration Examples and Technotes > Securing Networks with Private VLANs and VLAN Access Control Lists

Cisco > Cisco IOS LAN Switching Command Reference > vlan access-map

Cisco > Cisco IOS LAN Switching Command Reference > match (vlan access-map)

Question:

Which Catalyst 6500 feature provides network-security enforcement based on Layer 2, Layer 3, and Layer 4 information on a VLAN?

Options:

NAM

SPAN

VACL

802.1X

Correct Answer

The Correct Answer for this Question is

VACL
