Cisco Cisco FirePOWER Appliance 7030
FireSIGHT System User Guide
Chapter 14 Understanding and Writing Access Control Rules
Working with Different Types of Conditions
Adding VLAN Tag Conditions
License: Any
Supported Devices: Any, except ASA FirePOWER
You can add any of the following kinds of VLAN tag conditions to an access control rule:
• individual and group VLAN tag objects that you have created using the object manager
  See tag objects using the object manager.
• individual VLAN tag objects that you add from the VLAN Tags conditions page, and can then add to your rule and to other existing and future rules
  See for more information.
• literal VLAN tag conditions
  See for more information.
The system inspects all traffic on your network for VLAN tags you specify, and uses the innermost VLAN tag to identify a packet by VLAN.
The following procedure explains how to add VLAN conditions while adding or editing an access control rule. See for more detailed information.
To add VLAN tag conditions to an access control rule:
Access: Admin/Access Admin/Network Admin
Step 1 Select the VLAN Tags tab on the rule Edit page.
The VLAN Tags page appears.
Step 2 Optionally, click the Search by name or value prompt above the Available VLAN Tags list, then type a name or value.
The list updates as you type to display matching conditions. See for more information.
Step 3 Click a condition in the Available VLAN Tags list. Use the Shift and Ctrl keys to select multiple conditions, or right-click, then click Select All.
Conditions you select are highlighted.
Step 4 You have the following choices:
• Click Add to Rule.
• Drag and drop selected conditions into the Selected VLAN Tags list.
Conditions you selected are added.
Step 5 Optionally, click the add icon above the Available VLAN Tags list to add a VLAN tag object.
In each VLAN tag object you add, you can specify any VLAN tag from 1 to 4094; use a hyphen to specify a range of VLAN tags. You can then select the object you added. See and for more information.
Step 6 Optionally, click the Enter a VLAN Tag prompt beneath the Selected VLAN Tags list, type a VLAN tag or range, then click Add.
You can specify any VLAN tag from 1 to 4094. Use a hyphen to specify a range of VLAN tags.
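The two rules stated above (the innermost VLAN tag identifies the packet; a tag is 1 to 4094, with a hyphen for a range) matter most for double-tagged traffic, where a condition written for the outer tag will not match. The sketch below is an added example, not Cisco code or the system's implementation; the function names, the set of TPIDs treated as VLAN tags, and the sample frames are assumptions constructed for illustration.

```python
import struct

# Assumption: these TPIDs mark a VLAN tag (802.1Q and 802.1ad); the guide
# does not list which TPIDs the system recognizes.
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_condition(text):
    """Parse a literal VLAN tag condition: '10' or '100-200', tags 1 to 4094."""
    parts = text.strip().split("-")
    if len(parts) not in (1, 2) or not all(p.strip().isdigit() for p in parts):
        raise ValueError(f"not a VLAN tag or range: {text!r}")
    low, high = int(parts[0]), int(parts[-1])
    if not 1 <= low <= high <= 4094:
        raise ValueError(f"VLAN tags must be 1 to 4094, low-high: {text!r}")
    return low, high


def innermost_vlan(frame):
    """Return the VLAN ID of the innermost tag in an Ethernet frame, or None."""
    offset, vlan = 12, None          # skip destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break                    # reached the real EtherType
        vlan = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vlan


def matches(frame, condition):
    """True if the frame's innermost VLAN tag falls inside the condition."""
    low, high = parse_condition(condition)
    vlan = innermost_vlan(frame)
    return vlan is not None and low <= vlan <= high


def build_frame(*vlans):
    """Constructed sample: zeroed MACs, the given tags outermost first, IPv4."""
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vlans)
    return bytes(12) + tags + struct.pack("!H", 0x0800) + bytes(20)


if __name__ == "__main__":
    qinq = build_frame(500, 150)     # outer tag 500, inner tag 150
    print(innermost_vlan(qinq), matches(qinq, "100-200"), matches(qinq, "500"))
```

When reviewing rules for segments that carry stacked tags, write the VLAN condition against the inner tag value, since a condition for the outer tag alone does not match under the innermost-tag rule.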