Hardware and Software Handling of Cisco IOS ACLs with PFC2 and PFC3A/PFC3B/PFC3BXL - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Chapter 15
Configuring Access Control
Hardware and Software Handling of Cisco IOS ACLs with PFC2 and PFC3A/PFC3B/PFC3BXL
This section describes how Cisco IOS ACLs are handled by the hardware and the software in the
switches that are configured with the PFC2 and PFC3A/PFC3B/PFC3BXL.
ACL feature processing requires forwarding some flows to the software. The forwarding rate for
software-forwarded flows is substantially less than for the hardware-forwarded flows. The flows that
require logging as specified by the ACL are handled in the software without impacting non-log flow
forwarding in the hardware.
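As an added example (not from the Cisco manual), the following Python code audits IOS-style ACL text for ACEs that carry the log or log-input keyword, which are the flows the paragraph above says are handled in the software. The sample configuration and the function name are constructed for illustration, and the keyword check is the only criterion applied.

```python
import re

# Constructed sample configuration for illustration (not from the manual).
SAMPLE_CONFIG = """\
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny   ip 10.0.0.0 0.255.255.255 any log
 remark log everything else
 deny   ip any any log-input
access-list 101 permit udp any any eq 53
access-list 101 deny ip any any log
"""

NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NUMBERED_ACE = re.compile(r"^access-list (\d+) ((?:permit|deny) .*)$")
NAMED_ACE = re.compile(r"^(?:\d+ )?(?:permit|deny) ")
LOG_KEYWORDS = {"log", "log-input"}


def find_logging_aces(config):
    """Return (acl_name, ace) pairs for every ACE that requests logging."""
    hits, current = [], None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = None                 # a top-level line ends any named-ACL block
        line = " ".join(raw.split())       # normalise whitespace
        named = NAMED_ACL.match(line)
        if named:
            current = named.group(1)
            continue
        numbered = NUMBERED_ACE.match(line)
        if numbered:
            acl, ace = numbered.group(1), numbered.group(2)
        elif current and NAMED_ACE.match(line):
            acl, ace = current, line
        else:
            continue                       # remarks and unrelated configuration
        if LOG_KEYWORDS & set(ace.split()):
            hits.append((acl, ace))
    return hits


if __name__ == "__main__":
    for acl, ace in find_logging_aces(SAMPLE_CONFIG):
        print(f"{acl}: '{ace}' requests logging (software-handled flow)")
```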
Note
When you enter the show ip access-list command, the match count displayed does not account for the
packets that are access controlled in the hardware.
Note
The IPX Cisco IOS ACLs with the source host node number specified cannot be enforced on the switch
in the hardware; the MSFC has to process the ACL in the software. This process significantly degrades
the system performance.
Note
With Supervisor Engine 720 (PFC3A/PFC3B/PFC3BXL) and Supervisor Engine 32
(PFC3B/PFC3BXL), the IPX routing is done through the software and the IPX Cisco IOS ACLs and IPX
VACLs are not supported. You can match the IPX packets using the MAC VACLs. You can enter the
ipx-arpa keyword to match the IPX ARPA frames. Use 0xffff EtherType to match on the IPX non-ARPA
frames and the frames with an EtherType of 0xffff. For information on configuring the MAC VACLs, see
the "Creating a Non-IP Version 4/Non-IPX VACL (MAC VACL) and Adding ACEs" section on page 15-52.
These sections describe how the different types of Cisco IOS ACLs and traffic flows are handled by the
hardware and the software in the switches that are configured with the PFC2 or
PFC3A/PFC3B/PFC3BXL:
Security Cisco IOS ACLs
Rate Limiting for Cisco IOS ACL Logging
Reflexive ACLs
TCP Intercept
Policy Routing
WCCP
NAT
Unicast RPF Check
Bridge-Groups

OL-8978-04
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Using Cisco IOS ACLs in your Network
