Using VACLs in Your Network - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Chapter 15
Configuring Access Control
OL-8978-04
range uses 1 LOU
eq does not require a LOU
For example, this ACL would use a single LOU to store two different operator/operand couples:
... Src gt 10 ...
... Dst gt 10
A more detailed example is as follows:
ACL1
... (dst port) gt 10 permit
... (dst port) lt 9 deny
... (dst port) gt 11 deny
... (dst port) neq 6 redirect
... (src port) neq 6 redirect
... (dst port) gt 10 deny
ACL2
... (dst port) gt 20 deny
... (src port) lt 9 deny
... (src port) range 11 13 permit
... (dst port) neq 6 redirect
The Layer 4 operations and LOU usage are as follows:
ACL1 Layer 4 operations: 5
ACL2 Layer 4 operations: 4
LOUs: 4
An explanation of the LOU usage is as follows:
LOU 1 stores "gt 10" and "lt 9"
LOU 2 stores "gt 11" and "neq 6"
LOU 3 stores "gt 20" (with space for one more)
LOU 4 stores "range 11 13" (range needs the entire LOU)

Using VACLs in Your Network

These sections describe some typical uses for the VACLs:
Wiring Closet Configuration, page 15-26
Redirecting Broadcast Traffic to a Specific Server Port, page 15-26
Restricting the DHCP Response for a Specific Server, page 15-27
Denying Access to a Server on Another VLAN, page 15-28
Restricting ARP Traffic, page 15-29
Inspecting ARP Traffic, page 15-30
Dynamic ARP Inspection, page 15-39
Configuring ACLs on Private VLANs, page 15-43
Capturing Traffic Flows, page 15-43
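
The LOU accounting from the ACL1/ACL2 example earlier on this page, reproduced as an added Python example (not code from Cisco or from the guide), useful for estimating LOU consumption before committing an ACL. The function names, the first-seen packing order with two couples per LOU, and the exclusion of eq from the Layer 4 operation count are assumptions inferred from the page's worked numbers, not a description of the switch hardware.

```python
import re

# Matches the page's notation, e.g. "(src port) range 11 13 permit".
LINE = re.compile(r"\((src|dst) port\)\s+(\w+)\s+(\d+)(?:\s+(\d+))?")

# ACL1 and ACL2 as listed in the page's detailed example.
ACL1 = ("(dst port) gt 10 permit; (dst port) lt 9 deny; (dst port) gt 11 deny; "
        "(dst port) neq 6 redirect; (src port) neq 6 redirect; (dst port) gt 10 deny")
ACL2 = ("(dst port) gt 20 deny; (src port) lt 9 deny; "
        "(src port) range 11 13 permit; (dst port) neq 6 redirect")

def parse(acl_text):
    """Return one (side, operator, operand) tuple per ACL entry."""
    ops = []
    for side, op, lo, hi in LINE.findall(acl_text):
        operand = (int(lo), int(hi)) if op == "range" else (int(lo),)
        ops.append((side, op, operand))
    return ops

def l4_operations(ops):
    """Distinct Layer 4 operations in one ACL; src and dst count separately."""
    return len({o for o in ops if o[1] != "eq"})  # assumption: eq not counted

def allocate_lous(acls):
    """Pack operator/operand couples into LOUs shared by all ACLs (assumed order)."""
    lous, seen, half_full = [], set(), None
    for ops in acls:
        for _side, op, operand in ops:
            couple = (op, operand)
            if op == "eq" or couple in seen:  # eq needs no LOU; repeats share one
                continue
            seen.add(couple)
            if op == "range":                 # range needs the entire LOU
                lous.append([couple])
            elif half_full is None:           # open a new LOU with one slot left
                lous.append([couple])
                half_full = len(lous) - 1
            else:                             # fill the remaining slot
                lous[half_full].append(couple)
                half_full = None
    return lous

if __name__ == "__main__":
    acls = [parse(ACL1), parse(ACL2)]
    print("Layer 4 operations:", [l4_operations(a) for a in acls])
    for n, lou in enumerate(allocate_lous(acls), 1):
        print("LOU", n, "stores", lou)
```
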
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7


This manual is also suitable for:

Catalyst 6506, Catalyst 6509, Catalyst 6513
