Table of Contents
Advertisement
Chapter 15
Configuring Access Control
ACEs Supported in VACLs
A VACL contains an ordered list of access control entries (ACEs). Each VACL can contain ACEs of only
one type. Each ACE contains a number of fields that are matched against the contents of a packet. Each
field can have an associated bit mask to indicate which bits are relevant. An action is associated with
each ACE that describes what the system should do with the packet when a match occurs. The action is
feature dependent. Catalyst 6500 series switches support three types of ACEs in the hardware:
•
•
•
Table 15-1
Table 15-1
ACE Type
Layer 4
parameters
Layer 3
parameters
Layer 2
parameters
1. IP ACEs.
2. For Ethernet packets that are not IP version 4 or IPX.
OL-8978-04
IP ACEs
IPX ACEs
Ethernet ACEs
lists the parameters that are associated with each ACE type.
ACE Types and Parameters
1
TCP or UDP
Source port
Source port
operator
Destination
port
Destination
port operator
N/A
IP ToS byte
IP source
address
IP destination
address
TCP or UDP
1
ICMP
Other IP
1
ICMP code
ICMP type
N/A
IP ToS byte
IP ToS byte
IP source
IP source
address
address
IP destination
IP destination
address
address
ICMP
Other protocol
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
1
IPX
IPX source
network
IPX destination
network
IPX destination
node
IPX packet type
Supported ACLs
2
Ethernet
EtherType
Ethernet
source
address
Ethernet
destination
address
15-5
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
