Cisco Cisco Firepower Management Center 4000

Any

Any, except ASA FirePOWER

You can add any of the following kinds of VLAN tag conditions to an access control rule:

individual and group VLAN tag objects that you have created using the object manager

See 

 for information creating individual and group VLAN 

tag objects using the object manager.

individual VLAN tag objects that you add from the VLAN Tags conditions page, and can then add 
to your rule and to other existing and future rules

See 

 for more information.

literal VLAN tag conditions

See 

 for more information.

The system inspects all traffic on your network for VLAN tags you specify, and uses the innermost 
VLAN tag to identify a packet by VLAN.

The following procedure explains how to add VLAN conditions while adding or editing an access 
control rule. See 

 for more detailed 

information.

Admin/Access Admin/Network Admin

Select the 

 tab on the rule Edit page.

The VLAN Tags page appears.

Optionally, click the 

 prompt above the 

 list, then type a name 

or value.

The list updates as you type to display matching conditions. See 

 

for more information.

Click a condition in the 

 list. Use the Shift and Ctrl keys to select multiple conditions, 

or right-click, then click 

.

Conditions you select are highlighted.

You have the following choices:

Click 

.

Drag and drop selected conditions into the 

 list.

Conditions you selected are added.

Optionally, click the add icon (

) above the 

 list to add a VLAN tag object.

In each VLAN tag object you add, you can specify any VLAN tag from 1 to 4094; use a hyphen to 
specify a range of VLAN tags. You can then select the object you added. See 

 and 

 for more information.

Optionally, click the 

 prompt beneath the 

 list, type a VLAN tag or 

range, then click 

. 

You can specify any VLAN tag from 1 to 4094. Use a hyphen to specify a range of VLAN tags.