Table of Contents
Advertisement
Chapter 34
Configuring Network Security with ACLs
ACLs and Routed Packets
Figure 34-7
in this order:
1.
2.
3.
4.
Figure 34-7
Blade server A
(VLAN 10)
ACLs and Multicast Packets
Figure 34-8
packet being routed has two different kinds of filters applied: one for destinations that are other ports in
the input VLAN and another for each of the destinations that are in other VLANs to which the packet
has been routed. The packet might be routed to more than one output VLAN, in which case a different
router output ACL and VLAN map would apply for each destination VLAN.
The final result is that the packet might be permitted in some of the output VLANs and not in others. A
copy of the packet is forwarded to those destinations where it is permitted. However, if the input VLAN
map (VLAN 10 map in
OL-12247-04
shows how ACLs are applied on routed packets. For routed packets, the ACLs are applied
VLAN map for input VLAN
Input router ACL
Output router ACL
VLAN map for output VLAN
Applying ACLs on Routed Packets
VLAN 10
map
Frame
VLAN 10
shows how ACLs are applied on packets that are replicated for IP multicasting. A multicast
Figure
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Input
Output
router
router
ACL
ACL
Routing function
Packet
34-8) drops the packet, no destination receives a copy of the packet.
Using VLAN Maps with Router ACLs
VLAN 20
map
Blade server B
(VLAN 20)
VLAN 20
34-39
Advertisement
Chapters
Table of Contents
Troubleshooting
