Cisco Catalyst 4500 series Administration Manual page 1441

Chapter 54
Configuring Network Security with ACLs
Figure 54-8 Scenario 2: PACL Interaction with a VACL
If the interface access group mode is prefer port, then only the input PACL is applied on the ingress
traffic from Host A. If the mode is prefer VLAN, then only the VACL is applied to the ingress traffic
from Host A. If the mode is merge, the input PACL is first applied to the ingress traffic from Host A, and
the VACL is applied on the traffic.
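
An added configuration sketch for Scenario 2 (not taken from the Cisco guide), showing where the access group mode is set on the port that carries the input PACL. The ACL names, addresses and interface number are constructed for illustration.

```ios
! Constructed example: names, addresses and interface are hypothetical.
!
! Input PACL for the port Host A is attached to
ip access-list extended PACL-HOSTA-IN
 permit tcp 10.10.10.0 0.0.0.255 any eq 443
 deny   ip any any
!
! ACL matched by the VLAN map (VACL) on VLAN 10
ip access-list extended VACL-V10-MATCH
 permit ip 10.10.10.0 0.0.0.255 any
!
vlan access-map VLAN10-MAP 10
 match ip address VACL-V10-MATCH
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
!
interface GigabitEthernet2/1
 switchport
 switchport mode access
 switchport access vlan 10
 ip access-group PACL-HOSTA-IN in
 ! Choose exactly one mode for the port:
 !   prefer port - only PACL-HOSTA-IN filters ingress traffic from Host A;
 !                 VLAN10-MAP is not applied to traffic entering this port
 !   prefer vlan - only VLAN10-MAP filters that traffic; the PACL is not applied
 !   merge       - PACL-HOSTA-IN is applied first, then VLAN10-MAP
 access-group mode merge
!
! Confirm the mode actually in effect on the port:
!   show access-group mode interface GigabitEthernet2/1
```

When auditing a switch, check the mode on every port that has a PACL: with prefer port the VLAN map never sees that port's ingress traffic, and with prefer VLAN the PACL is configured but not enforced.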
Scenario 3: Host A is connected to an interface in VLAN 10, which has a VACL and an SVI configured.
The SVI has an input Router ACL configured and the interface has an input PACL configured, as shown
in Figure 54-9.
Figure 54-9 Scenario 3: VACL and Input Router ACL
If the interface access group mode is prefer port, then only the input PACL is applied on the ingress
traffic from Host A. If the mode is prefer VLAN, then the merged results of the VACL and the input
Router ACL are applied to the ingress traffic from Host A. If the mode is merge, the input PACL is first
OL_28731-01
[Figures 54-8 and 54-9, diagram labels: Catalyst 4500 series switch; input PACL; VLAN 10 map; input router ACL; routing function; output router ACL; frame and packet paths.]
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Using PACL with VLAN Maps and Router ACLs