Which of the following sets of commands should you issue?

You want to configure your Catalyst 6500 switch to redirect certain IP traffic from VLANs 22 through 33 to the Gigabit Ethernet interface that resides at slot 4, port 1. The IP traffic to be redirected must match an ACL named tn1. Which of the following sets of commands should you issue?

To appropriately configure your Catalyst 6500 switch in this scenario, you should issue the following commands:

    Switch(config)# vlan access-map ge1
    Switch(config-access-map)# match ip address tn1
    Switch(config-access-map)# action redirect gigabitethernet 4/1
    Switch(config-access-map)# exit
    Switch(config)# vlan filter ge1 vlan-list 22-33

VLAN access control lists (VACLs) are used to control how packets are switched within a virtual local area network (VLAN). To configure a VACL, you should perform the following actions:

1. Define the VLAN access map by issuing the vlan access-map command.
2. Define the configured ACL that traffic must match for an action to be triggered by issuing the match command; any traffic that does not match the conditions specified by the configured ACL or ACLs is dropped.
3. Define the action that will be triggered when traffic matches the configured ACL by issuing the action command.
4. Apply the VACL to one or more VLANs by issuing the vlan filter command.

The syntax for the vlan access-map command is vlan access-map map-name [sequence-number], where map-name is the name assigned to the VLAN access map. The optional sequence-number parameter defines the order in which the access map statements are checked. Therefore, the command vlan access-map ge1 creates a VLAN access map named ge1 with no sequence number.

The match command can filter traffic based on IP address, IPX address or Media Access Control (MAC) address. The syntax for the match command is match {ip address {acl-number | acl-name} | ipx address {acl-number | acl-name} | mac address acl-name}, where acl-number and acl-name are the number and name of the access list, respectively. Therefore, the command match ip address tn1 specifies that only traffic that matches ACL tn1 will trigger the action specified in the action command.

The action command will configure the VACL to drop, forward, or redirect traffic that matches the access list specified in the match command. The syntax for the action command is action {drop | forward | redirect interface slot/port}. Therefore, the command action redirect gigabitethernet 4/1 will redirect traffic that matches the access list to Gigabit Ethernet interface 4/1.

The syntax for the vlan filter command is vlan filter map-name {vlan-list vlan-list}, where map-name is the name of the VLAN access map and vlan-list is the VLAN or VLANs that should be filtered by the VACL. Therefore, the command vlan filter ge1 vlan-list 22-33 applies the VLAN access map named ge1 to VLANs 22 through 33.

The following command set incorrectly specifies the VLAN access map and filter:

    Switch(config)# vlan access-map 22-33
    Switch(config-access-map)# match ip address tn1
    Switch(config-access-map)# action redirect gigabitethernet 4/1
    Switch(config-access-map)# exit
    Switch(config)# vlan filter tn1

The following command set incorrectly specifies the VLAN access map and the match statement. This command set is also missing the required hyphen in the list of VLANs specified after the vlan-list keyword:

    Switch(config)# vlan access-map tn1
    Switch(config-access-map)# match ip address ge1
    Switch(config-access-map)# action redirect gigabitethernet 4/1
    Switch(config-access-map)# exit
    Switch(config)# vlan filter tn1 vlan-list 22 33

The following command set is missing the required hyphen in the list of VLANs specified after the vlan-list keyword:

    Switch(config)# vlan access-map ge1
    Switch(config-access-map)# match ip address tn1
    Switch(config-access-map)# action redirect gigabitethernet 4/1
    Switch(config-access-map)# exit
    Switch(config)# vlan filter ge1 vlan-list 22 33

Objective: Infrastructure Security
Sub-Objective: Configure and verify switch security features

References:

Cisco > Home > Support > Product Support > End-of-Sale and End-of-Life Products > Cisco Catalyst 6000 Series Switches > Configure > Configuration Examples and Technotes > Securing Networks with Private VLANs and VLAN Access Control Lists
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > snmp ifindex clear through vtp v2-mode > vlan access-map
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > interface port-channel through shape > match
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > snmp ifindex clear through vtp v2-mode > vlan filter
Cisco > Catalyst 4500 Series Switch Cisco IOS Command Reference, 12.2(52)SG > aaa accounting dot1x default start-stop group radius through instance > action

Question:

Which of the following sets of commands should you issue?

Options:

vlan access-map 22-33
match ip address tn1
action redirect gigabitethernet 4/1
vlan filter tn1

vlan access-map ge1
match ip address tn1
action redirect gigabitethernet 4/1
vlan filter ge1 vlan-list 22-33

vlan access-map tn1
match ip address ge1
action redirect gigabitethernet 4/1
vlan filter tn1 vlan-list 22 33

vlan access-map ge1
match ip address tn1
action redirect gigabitethernet 4/1
vlan filter ge1 vlan-list 22 33

Correct Answer

The Correct Answer for this Question is

vlan access-map ge1
match ip address tn1
action redirect gigabitethernet 4/1
vlan filter ge1 vlan-list 22-33
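
The consistency rules from the explanation (the map name in vlan filter must be the map that was defined, the match must name the scenario's ACL, and the vlan-list must be well formed) can be checked mechanically before a VACL is pushed to a switch. The following is an added example, not Cisco tooling or part of the original question; lint_vacl and expand_vlans are hypothetical helper names, and accepting comma-separated VLAN lists is an assumption that goes beyond the hyphenated range shown on this page.

```python
import re
# Added illustration; lint_vacl and expand_vlans are hypothetical helper names.

def expand_vlans(spec):
    """Expand '22-33' or '22,30-33' into a set of VLAN IDs; None if malformed."""
    if not re.fullmatch(r"\d+(-\d+)?(,\d+(-\d+)?)*", spec):
        return None
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def lint_vacl(commands, acl_name, vlans):
    """Return findings for one command set; an empty list means it is consistent."""
    map_name = matched = filter_map = vlan_spec = None
    has_action = False
    for cmd in commands:
        if m := re.fullmatch(r"vlan access-map (\S+)( \d+)?", cmd):
            map_name = m.group(1)
        elif m := re.fullmatch(r"match ip address (\S+)", cmd):
            matched = m.group(1)
        elif re.fullmatch(r"action (drop|forward|redirect \S+ \d+/\d+)", cmd):
            has_action = True
        elif m := re.fullmatch(r"vlan filter (\S+)( vlan-list (.+))?", cmd):
            filter_map, vlan_spec = m.group(1), m.group(3)
    findings = []
    if matched != acl_name:
        findings.append(f"match references ACL {matched!r}, expected {acl_name!r}")
    if not has_action:
        findings.append("access map has no action")
    if filter_map is None or filter_map != map_name:
        findings.append(f"vlan filter names map {filter_map!r}, defined map is {map_name!r}")
    if vlan_spec is None:
        findings.append("vlan filter has no vlan-list")
    elif expand_vlans(vlan_spec) != vlans:
        findings.append(f"vlan-list {vlan_spec!r} is malformed or not the intended VLANs")
    return findings

# The four answer options from this page, in the order they are listed.
OPTIONS = [o.split("; ") for o in (
    "vlan access-map 22-33; match ip address tn1; action redirect gigabitethernet 4/1; vlan filter tn1",
    "vlan access-map ge1; match ip address tn1; action redirect gigabitethernet 4/1; vlan filter ge1 vlan-list 22-33",
    "vlan access-map tn1; match ip address ge1; action redirect gigabitethernet 4/1; vlan filter tn1 vlan-list 22 33",
    "vlan access-map ge1; match ip address tn1; action redirect gigabitethernet 4/1; vlan filter ge1 vlan-list 22 33",
)]
SCENARIO_VLANS = set(range(22, 34))  # VLANs 22 through 33
if __name__ == "__main__":
    for n, opt in enumerate(OPTIONS, 1):
        print(n, lint_vacl(opt, "tn1", SCENARIO_VLANS) or "consistent")
```
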
