Cisco WS-C6506 Software Manual page 418

Catalyst 6500 series switch

Hide thumbs Also See for WS-C6506:

Manual (110 pages)

Installation manual (336 pages)

Table of Contents

Using VACLs with Cisco IOS ACLs

With software release 8.1(1) and later releases, the BDD algorithm is no longer supported on any

platform (PFC, PFC2, or PFC3A/PFC3B/PFC3BXL). The default ACL-merge algorithm is ODM. In

software release 8.1(1) and later releases, the following command changes appear: The set aclmerge

algo and set aclmerge bdd commands have been removed. The show aclmerge {bdd | algo} command

has been reduced to show aclmerge algo.

These examples show the merge results for the various Cisco IOS ACL and VACL configurations. One

VACL and one Cisco IOS ACL are configured on the same VLAN.

******** VACL

10 permit tcp any host 194.72.6.51 eq ftp-data

11 permit tcp any host 194.72.6.51

12 permit tcp any eq domain host 194.72.6.51

13 permit tcp any host 194.72.6.51 gt 1023

14 permit ip

******** Cisco IOS ACL ************

Using the new algorithm - 17 entries

Using the old algorighm - 91 entries

******** VACL

10 permit tcp any host 194.72.6.51 neq ftp

11 permit tcp any eq domain host 194.72.6.51 neq ftp

12 permit tcp any host 194.72.6.51 gt 1023

13 permit ip

******** Cisco IOS ACL ************

******** MERGE ***********

Using the new algorithm - 16 entries

Using the old algorithm - 78 entries

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

permit udp host 194.72.72.33 194.72.6.160 0.0.0.15

permit udp host 147.150.213.94 194.72.6.64 0.0.0.15 eq bootps

permit udp 194.73.74.0 0.0.0.255 host 194.72.6.205 eq syslog

permit udp host 167.221.23.1 host 194.72.6.198 eq tacacs

permit udp 194.72.136.1 0.0.3.128 194.72.6.64 0.0.0.15 eq tftp

permit udp host 193.6.65.17 host 194.72.6.205 gt 1023

permit tcp any host 194.72.6.52

permit tcp any host 194.72.6.52 eq 113

deny tcp any host 194.72.6.51 eq ftp

any host 1.1.1.1

deny ip any host 239.255.255.255

permit ip any any

MERGE **********

permit udp host 194.72.72.33 194.72.6.160 0.0.0.15

permit udp host 147.150.213.94 194.72.6.64 0.0.0.15 eq bootps

permit udp 194.73.74.0 0.0.0.255 host 194.72.6.205 eq syslog

permit udp host 167.221.23.1 host 194.72.6.198 eq tacacs

permit udp 194.72.136.1 0.0.3.128 194.72.6.64 0.0.0.15 eq tftp

permit udp host 193.6.65.17 host 194.72.6.205 gt 1023

permit tcp any host 194.72.6.52

permit tcp any host 194.72.6.52 eq 113

permit tcp any host 194.72.6.51 eq ftp-data

any host 1.1.1.1

deny ip any host 239.255.255.255

permit ip any any

Configuring Access Control

Show Quick Links

Table of Contents

Troubleshooting

Catalyst 6506 Catalyst 6509 Catalyst 6513

Cisco WS-C6506 Software Manual page 418

Hide quick links:

Troubleshooting

Related Manuals for Cisco WS-C6506

Related Products for Cisco WS-C6506

This manual is also suitable for:

Table of Contents