

To configure VACL with DHCP and HSRP

Topology and Environment

 

GNS3 version : 2.03

GNS3 VM

L2 IOU : i86bi-linux-l2-adventerprisek9-15.2c.bin

L3 IOU : i86bi-linux-l3-adventerprisek9-15.4.1T.bin

 

 

 

 

OR

EVE-ng 2.0.3-59

QEMU : 2.4.0

L2 IOU : i86bi-linux-l2-adventerprisek9-15.2c.bin

L3 IOU : i86bi-linux-l3-adventerprisek9-15.4.1T.bin

 

 

 

 

 

HSRP Setting

HSRP.zip

 IOU1

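enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only;
! an unattended console session never expires with exec-timeout 0).
line console 0
 logg s
 exec-t 0
 exit
hostname CSW1
no ip cef
no cdp run
! DSW2 and DSW3 both run an IP SLA udp-jitter probe against 10.1.12.1 (this
! switch). udp-jitter needs the responder enabled on the target; without it the
! probe fails and track 18 lowers HSRP priority on both distribution switches.
ip sla responder
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 exit
! Loopback1 is not covered by a network statement below; it enters OSPF only
! through 'redistribute connected subnets' (as an external route).
interface Loopback1
 ip address 192.168.8.8 255.255.255.255
 ip ospf network point-to-point
 exit
! Routed uplinks to the two distribution switches
interface Ethernet0/0
 description face to iou2's e0/0
 no switchport
 ip address 10.1.12.1 255.255.255.0
 no shutdown
 exit
interface Ethernet0/1
 description face to iou3's e0/1
 no switchport
 ip address 10.1.13.1 255.255.255.0
 no shutdown
 exit
router ospf 1
 router-id 1.1.1.1
 redistribute connected subnets
 network 10.1.12.1 0.0.0.0 area 0
 network 10.1.13.1 0.0.0.0 area 0
 exit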

 IOU2 

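enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
hostname DSW2
no ip cef
no cdp run
! DHCP: DSW2 hands out the lower half of each VLAN (.1-.127) and excludes the
! upper half (.128-.254), which DSW3 serves. The exclusion also covers the SVI
! addresses (.252/.253) and the HSRP virtual gateway (.254).
ip dhcp excluded-address 10.1.4.128 10.1.4.254
ip dhcp excluded-address 10.1.5.128 10.1.5.254
ip dhcp excluded-address 10.1.6.128 10.1.6.254
ip dhcp excluded-address 10.1.7.128 10.1.7.254
!
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan5
 network 10.1.5.0 255.255.255.0
 default-router 10.1.5.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan6
 network 10.1.6.0 255.255.255.0
 default-router 10.1.6.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan7
 network 10.1.7.0 255.255.255.0
 default-router 10.1.7.254
 dns-server 192.168.8.2
 lease 0 8
 exit
!
! Track 12: line protocol of this switch's uplink to CSW1.
! Track 18: the udp-jitter probe to CSW1 (10.1.12.1) defined below; the probe
! only succeeds if CSW1 has 'ip sla responder' enabled.
track 12 interface Ethernet0/0 line-protocol
 carrier-delay
 exit
track 18 ip sla 18
 exit
!
ip sla 18
 udp-jitter 10.1.12.1 50000
 frequency 5
 exit
ip sla schedule 18 life forever start-time now
!
interface Loopback0
 ip address 1.1.1.2 255.255.255.255
 exit
! Routed uplink to CSW1
interface Ethernet0/0
 description face to iou1's e0/0
 no switchport
 ip address 10.1.12.2 255.255.255.0
 no shutdown
 exit
! Access ports toward the access switches, one VLAN each
interface Ethernet0/1
 switchport access vlan 4
 switchport mode access
 exit
interface Ethernet0/2
 switchport access vlan 5
 switchport mode access
 exit
interface Ethernet0/3
 switchport access vlan 6
 switchport mode access
 exit
interface Ethernet1/0
 switchport access vlan 7
 switchport mode access
 exit
! Routed link to DSW3
interface Ethernet1/2
 description face to iou3's e1/2
 no switchport
 ip address 10.1.23.2 255.255.255.0
 no shutdown
 exit
!
! HSRP: DSW2 is the preferred active gateway for VLANs 4 and 5 (priority 110);
! VLANs 6 and 7 keep the default 100 so DSW3 (110 there) wins them. Each
! tracked object takes 20 off the priority, so a single failure drops 110 to
! 90 and hands the active role to the peer (preempt is enabled). No HSRP
! authentication is configured (lab default).
interface Vlan4
 ip address 10.1.4.252 255.255.255.0
 standby 4 ip 10.1.4.254
 standby 4 priority 110
 standby 4 preempt delay minimum 3 reload 6
 standby 4 name vlan4
 standby 4 track 12 decrement 20
 standby 4 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan5
 ip address 10.1.5.252 255.255.255.0
 standby 5 ip 10.1.5.254
 standby 5 priority 110
 standby 5 preempt delay minimum 3 reload 6
 standby 5 name vlan5
 standby 5 track 12 decrement 20
 standby 5 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan6
 ip address 10.1.6.252 255.255.255.0
 standby 6 ip 10.1.6.254
 standby 6 preempt delay minimum 3 reload 6
 standby 6 name vlan6
 standby 6 track 12 decrement 20
 standby 6 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan7
 ip address 10.1.7.252 255.255.255.0
 standby 7 ip 10.1.7.254
 standby 7 preempt delay minimum 3 reload 6
 standby 7 name vlan7
 standby 7 track 12 decrement 20
 standby 7 track 18 decrement 20
 no shutdown
 exit
!
! OSPF: only the VLANs this switch is preferred-active for (4 and 5) are
! advertised; DSW3 advertises 6 and 7. NOTE(review): if DSW2 fails outright,
! CSW1 is left with no route to VLANs 4/5 via DSW3 - confirm this is intended.
router ospf 1
 router-id 1.1.1.2
 network 10.1.4.252 0.0.0.0 area 0
 network 10.1.5.252 0.0.0.0 area 0
 network 10.1.12.2 0.0.0.0 area 0
 network 10.1.23.2 0.0.0.0 area 0
 exit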

 

 IOU3

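enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
no ip cef
no cdp run
!
hostname DSW3
! DHCP: DSW3 hands out the upper half of each VLAN (.128-.254) and excludes
! the lower half (.1-.127), which DSW2 serves. The SVI addresses (.252/.253)
! and the HSRP virtual gateway (.254) fall inside DSW3's half, so they are
! excluded explicitly rather than left to the server's conflict detection.
ip dhcp excluded-address 10.1.4.1 10.1.4.127
ip dhcp excluded-address 10.1.4.252 10.1.4.254
ip dhcp excluded-address 10.1.5.1 10.1.5.127
ip dhcp excluded-address 10.1.5.252 10.1.5.254
ip dhcp excluded-address 10.1.6.1 10.1.6.127
ip dhcp excluded-address 10.1.6.252 10.1.6.254
ip dhcp excluded-address 10.1.7.1 10.1.7.127
ip dhcp excluded-address 10.1.7.252 10.1.7.254
!
ip dhcp pool vlan4
 network 10.1.4.0 255.255.255.0
 default-router 10.1.4.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan5
 network 10.1.5.0 255.255.255.0
 default-router 10.1.5.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan6
 network 10.1.6.0 255.255.255.0
 default-router 10.1.6.254
 dns-server 192.168.8.2
 lease 0 8
 exit
ip dhcp pool vlan7
 network 10.1.7.0 255.255.255.0
 default-router 10.1.7.254
 dns-server 192.168.8.2
 lease 0 8
 exit
!
! Track 13: line protocol of this switch's own uplink to CSW1 (Ethernet0/1).
! Track 18: the udp-jitter probe below. The SVIs must reference 13, not 12 -
! track 12 is DSW2's object and is not defined on this switch.
track 13 interface Ethernet0/1 line-protocol
 carrier-delay
 exit
track 18 ip sla 18
 exit
!
! udp-jitter only succeeds if the target has 'ip sla responder' enabled.
! NOTE(review): the target is CSW1's DSW2-facing address (10.1.12.1), not
! 10.1.13.1 on this switch's own link - presumably intentional; confirm.
ip sla 18
 udp-jitter 10.1.12.1 50000
 frequency 5
 exit
ip sla schedule 18 life forever start-time now
!
interface Loopback0
 ip address 1.1.1.3 255.255.255.255
 exit
! Routed uplink to CSW1
interface Ethernet0/1
 description face to iou1's e0/1
 no switchport
 ip address 10.1.13.3 255.255.255.0
 no shutdown
 exit
! Access ports toward the access switches, one VLAN each
interface Ethernet0/2
 switchport access vlan 4
 switchport mode access
 exit
interface Ethernet0/3
 switchport access vlan 5
 switchport mode access
 exit
interface Ethernet1/0
 switchport access vlan 6
 switchport mode access
 exit
interface Ethernet1/1
 switchport access vlan 7
 switchport mode access
 exit
! Routed link to DSW2
interface Ethernet1/2
 description face to iou2's e1/2
 no switchport
 ip address 10.1.23.3 255.255.255.0
 no shutdown
 exit
!
! HSRP: DSW3 is the preferred active gateway for VLANs 6 and 7 (priority 110);
! VLANs 4 and 5 keep the default 100 so DSW2 wins them. Each tracked object
! takes 20 off the priority, so a single failure drops 110 to 90 and hands the
! active role to the peer (preempt is enabled). No HSRP authentication is
! configured (lab default).
interface Vlan4
 ip address 10.1.4.253 255.255.255.0
 standby 4 ip 10.1.4.254
 standby 4 preempt delay minimum 3 reload 6
 standby 4 name vlan4
 standby 4 track 13 decrement 20
 standby 4 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan5
 ip address 10.1.5.253 255.255.255.0
 standby 5 ip 10.1.5.254
 standby 5 preempt delay minimum 3 reload 6
 standby 5 name vlan5
 standby 5 track 13 decrement 20
 standby 5 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan6
 ip address 10.1.6.253 255.255.255.0
 standby 6 ip 10.1.6.254
 standby 6 priority 110
 standby 6 preempt delay minimum 3 reload 6
 standby 6 name vlan6
 standby 6 track 13 decrement 20
 standby 6 track 18 decrement 20
 no shutdown
 exit
!
interface Vlan7
 ip address 10.1.7.253 255.255.255.0
 standby 7 ip 10.1.7.254
 standby 7 priority 110
 standby 7 preempt delay minimum 3 reload 6
 standby 7 name vlan7
 standby 7 track 13 decrement 20
 standby 7 track 18 decrement 20
 no shutdown
 exit
!
! OSPF: only the VLANs this switch is preferred-active for (6 and 7) are
! advertised; DSW2 advertises 4 and 5. NOTE(review): if DSW3 fails outright,
! CSW1 is left with no route to VLANs 6/7 via DSW2 - confirm this is intended.
router ospf 1
 router-id 1.1.1.3
 network 10.1.6.253 0.0.0.0 area 0
 network 10.1.7.253 0.0.0.0 area 0
 network 10.1.13.3 0.0.0.0 area 0
 network 10.1.23.3 0.0.0.0 area 0
 exit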

 

 IOU4

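enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
no ip cef
no cdp run
!
hostname ASW4
!
no ip domain-lookup
!
! All 16 ports, including whichever face DSW2/DSW3, are untagged access ports
! in VLAN 4 (the distribution side of those links is also 'access vlan 4').
! No port-level hardening (port security, BPDU guard) is applied in this lab.
interface range Ethernet0/0-3
 switchport access vlan 4
 switchport mode access
!
interface range Ethernet1/0-3
 switchport access vlan 4
 switchport mode access
!
interface range Ethernet2/0-3
 switchport access vlan 4
 switchport mode access
!
interface range Ethernet3/0-3
 switchport access vlan 4
 switchport mode access
end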

 IOU5

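enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
no ip cef
no cdp run
!
hostname ASW5
!
no ip domain-lookup
!
! All 16 ports, including whichever face DSW2/DSW3, are untagged access ports
! in VLAN 5 (the distribution side of those links is also 'access vlan 5').
! No port-level hardening (port security, BPDU guard) is applied in this lab.
interface range Ethernet0/0-3
 switchport access vlan 5
 switchport mode access
!
interface range Ethernet1/0-3
 switchport access vlan 5
 switchport mode access
!
interface range Ethernet2/0-3
 switchport access vlan 5
 switchport mode access
!
interface range Ethernet3/0-3
 switchport access vlan 5
 switchport mode access
end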

 IOU6

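enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
no ip cef
no cdp run
!
hostname ASW6
!
no ip domain-lookup
!
! All 16 ports, including whichever face DSW2/DSW3, are untagged access ports
! in VLAN 6 (the distribution side of those links is also 'access vlan 6').
! No port-level hardening (port security, BPDU guard) is applied in this lab.
interface range Ethernet0/0-3
 switchport access vlan 6
 switchport mode access
!
interface range Ethernet1/0-3
 switchport access vlan 6
 switchport mode access
!
interface range Ethernet2/0-3
 switchport access vlan 6
 switchport mode access
!
interface range Ethernet3/0-3
 switchport access vlan 6
 switchport mode access
end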

 IOU7

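enable
configure terminal
! Console: synchronous logging, exec timeout disabled (lab convenience only)
line console 0
 logg s
 exec-t 0
 exit
no ip cef
no cdp run
!
hostname ASW7
!
no ip domain-lookup
!
! All 16 ports, including whichever face DSW2/DSW3, are untagged access ports
! in VLAN 7 (the distribution side of those links is also 'access vlan 7').
! No port-level hardening (port security, BPDU guard) is applied in this lab.
interface range Ethernet0/0-3
 switchport access vlan 7
 switchport mode access
!
interface range Ethernet1/0-3
 switchport access vlan 7
 switchport mode access
!
interface range Ethernet2/0-3
 switchport access vlan 7
 switchport mode access
!
interface range Ethernet3/0-3
 switchport access vlan 7
 switchport mode access
end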

 VACL (PC8 has the MAC address 0050.7966.6807)

 IOU2

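enable
configure terminal
! The ACLs are defined before the access-map entries that reference them.
! ACL 100 selects IP traffic bound for VLAN 7's subnet (10.1.7.0/24).
access-list 100 permit ip any 10.1.7.0 0.0.0.255
! Backup-Server selects frames addressed to PC8's MAC (0050.7966.6807).
mac access-list extended Backup-Server
 permit any host 0050.7966.6807
 exit
!
! VACL XYZ, applied to VLANs 4 and 5: drop traffic to VLAN 7 (seq 10) and to
! PC8 (seq 20), forward everything else (seq 30). A VACL filters traffic
! passing through this switch in those VLANs; frames that stay within a single
! access switch never reach it. NOTE(review): on Catalyst platforms a
! 'match mac address' clause matches only non-IP frames, so seq 20 may not
! block IP traffic to PC8 there - verify on the target platform.
vlan access-map XYZ 10
 match ip address 100
 action drop
vlan access-map XYZ 20
 match mac address Backup-Server
 action drop
vlan access-map XYZ 30
 action forward
 exit
!
vlan filter XYZ vlan-list 4-5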

 IOU3

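enable
configure terminal
! Same VACL as on DSW2 so filtering survives an HSRP failover to this switch.
! The ACLs are defined before the access-map entries that reference them.
! ACL 100 selects IP traffic bound for VLAN 7's subnet (10.1.7.0/24).
access-list 100 permit ip any 10.1.7.0 0.0.0.255
! Backup-Server selects frames addressed to PC8's MAC (0050.7966.6807).
mac access-list extended Backup-Server
 permit any host 0050.7966.6807
 exit
!
! VACL XYZ, applied to VLANs 4 and 5: drop traffic to VLAN 7 (seq 10) and to
! PC8 (seq 20), forward everything else (seq 30). NOTE(review): on Catalyst
! platforms a 'match mac address' clause matches only non-IP frames, so seq 20
! may not block IP traffic to PC8 there - verify on the target platform.
vlan access-map XYZ 10
 match ip address 100
 action drop
vlan access-map XYZ 20
 match mac address Backup-Server
 action drop
vlan access-map XYZ 30
 action forward
 exit
!
vlan filter XYZ vlan-list 4-5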