Vlan Access-maps
So I forgot to put this up yesterday. Here it is. I was asked to filter port 139 traffic before it got to a router. To accomplish this I went to the switch that was connected to the router and did it on the VLAN. To test I went to a workstation connected to the switch and telnetted to the router port 139 and watched a separate ACL that I put on the router increment. After applying this Vlan Access Map on the switch and repeating the test from the workstation the ACL on the router no longer incremented.
! –Start with the ACL to match the port 139 traffic. (Yes, it's a permit statement)
access-list 139 permit tcp any any eq 139
!
!
! –Next write the vlan access-map to match that ACL and drop the traffic.
!
vlan access-map NO139 10
action drop
match ip address 139
vlan access-map NO139 20
action forward
!
! –Now apply it to the VLAN!
!
vlan filter NO139 vlan-list 37
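The two-stage logic this config relies on is easy to get backwards: the ACL's `permit` only selects which packets a sequence matches, the sequence's `action` decides what happens to them, and an IP packet matching no sequence is dropped, which is why sequence 20 with `action forward` is needed. This is an added Python model of that evaluation written for this post, not Cisco code; it understands only the line shapes in the config above, and the packets it evaluates are constructed.

```python
import re
# Constructed copy of the post's configuration (typed here, not pulled from a device).
CONFIG = """
access-list 139 permit tcp any any eq 139
vlan access-map NO139 10
 action drop
 match ip address 139
vlan access-map NO139 20
 action forward
vlan filter NO139 vlan-list 37
"""

PATTERNS = {  # simplifying assumption: only these IOS line shapes are understood
    "acl": r"access-list (\d+) permit tcp any any eq (\d+)$",
    "map": r"vlan access-map (\S+) (\d+)$",
    "action": r"action (drop|forward)$",
    "match": r"match ip address (\d+)$",
    "filter": r"vlan filter (\S+) vlan-list (\d+)$",
}

def parse(config):
    acls, maps, filters, seq = {}, {}, {}, None
    for raw in config.strip().splitlines():
        line = raw.strip()
        hits = [(k, re.match(p, line)) for k, p in PATTERNS.items()]
        kind, m = next(((k, m) for k, m in hits if m), (None, None))
        if kind == "acl":       # 'permit' only means "this packet matches"
            acls.setdefault(m.group(1), []).append(("tcp", int(m.group(2))))
        elif kind == "map":     # new sequence; lower numbers are tried first
            seq = {"action": None, "acl": None}
            maps.setdefault(m.group(1), []).append((int(m.group(2)), seq))
        elif kind == "action":
            seq["action"] = m.group(1)
        elif kind == "match":
            seq["acl"] = m.group(1)
        elif kind == "filter":  # bind the map to a VLAN
            filters[int(m.group(2))] = m.group(1)
    return acls, maps, filters

def vacl_decision(config, vlan, proto, dport):
    """Return 'forward' or 'drop' for one IP packet entering the given VLAN."""
    acls, maps, filters = parse(config)
    if vlan not in filters:
        return "forward"  # no access-map applied to this VLAN
    for _, seq in sorted(maps[filters[vlan]], key=lambda s: s[0]):
        matched = seq["acl"] is None or (proto, dport) in acls.get(seq["acl"], [])
        if matched:  # a sequence with no match clause matches every packet
            return seq["action"]
    return "drop"  # no sequence matched: IP traffic falls to the map's implicit deny
```

Removing sequence 20 from the config and re-running the port 23 case shows the failure mode: with only the drop sequence present, every IP packet on VLAN 37 is dropped, not just port 139.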