Table of Contents
Advertisement
Using VACLs with Cisco IOS ACLs
******** IOS ACL *********
1 permit ip 147.150.213.64 0.0.0.31 194.72.6.64 0.0.0.15
2 permit ip 147.150.213.64 0.0.0.31 194.72.6.160 0.0.0.15
3 permit ip 147.150.213.64 0.0.0.31 host 194.72.6.205
4 permit ip 147.151.77.0 0.0.0.255 194.72.6.64 0.0.0.15
5 permit ip 147.151.77.0 0.0.0.255 194.72.6.160 0.0.0.15
6 permit ip 147.151.77.0 0.0.0.255 194.72.6.208 0.0.0.15
7 permit ip 147.151.77.0 0.0.0.255 host 194.72.6.205
8 permit ip host 193.37.169.121 194.72.6.64 0.0.0.15
[...] total 62 entries without L4 information
******* MERGE ********
has 1259 ACEs.
Guidelines for Using Layer 4 Operations
Follow these guidelines for configurations where you need to specify Layer 4 port operations.
These sections provide guidelines for specifying Layer 4 port operations:
•
•
Determining Layer 4 Operation Usage
The switch hardware allows you to specify these types of operations:
•
•
•
•
•
We recommend that you do not specify more than nine different operations on the same ACL. If you
exceed this number, each new operation might cause the affected ACE to be translated into more than
one ACE.
Note
If you have a Cisco IOS ACL and a VACL on the same VLAN interface, the recommended total
number of Layer 4 operations is still nine or less.
Use the following two guidelines to determine Layer 4 operation usage:
1.
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
16-20
Determining Layer 4 Operation Usage, page 16-20
Determining Logical Operation Unit Usage, page 16-21
gt (greater than)
lt (less than)
neq (not equal)
eq (equal)
range (inclusive range)
Layer 4 operations are considered different if the operator or the operand differ. For example, in this
ACL there are four different Layer 4 operations ("gt 10" and "gt 11" are considered two different
Layer 4 operations):
... gt 10 permit
... lt 9 deny
... gt 11 deny
... neq 6 redirect
Chapter 16
Configuring Access Control
78-13315-02
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
