Cisco Systems WSC4500X16SFP User Manual
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 33 Configuring Network Security with ACLs
Using PACL with VLAN Maps and Router ACLs
This example shows that the IP access group simple-ip-acl is configured on the inbound direction of
interface fa6/1:
Switch# show ip interface fast 6/1
FastEthernet6/1 is up, line protocol is up
Inbound access list is simple-ip-acl
Outgoing access list is not set
This example shows that MAC access group simple-mac-acl is configured on the inbound direction of
interface fa6/1:
Switch# show mac access-group interface fast 6/1
Interface FastEthernet6/1:
Inbound access-list is simple-mac-acl
Outbound access-list is not set
This example shows that access group merge is configured on interface fa6/1:
Switch# show access-group mode interface fast 6/1
Interface FastEthernet6/1:
Access group mode is: merge
Using PACL with VLAN Maps and Router ACLs
For output PACLs, there is no interaction with VACL or output Router ACLs. (See the restrictions listed
in the .) For input PACLs, however, the interaction with Router ACLs and VACLs depends on the
interface access group mode as shown in Table 33-1. Each ACL Type listed in Table 33-1 is synonymous
with a different scenario, as explained in the following discussion.
Table 33-1 Interaction Between PACLs, VACLs and Router ACLs

ACL Type(s)                | Input PACL: prefer port mode | Input PACL: prefer vlan mode    | Input PACL: merge mode
---------------------------+------------------------------+---------------------------------+------------------------------------------------------------------
1. Input Router ACL        | PACL applied                 | Input Router ACL applied        | PACL, Input Router ACL (merged) applied in order (ingress)
2. VACL                    | PACL applied                 | VACL applied                    | PACL, VACL (merged) applied in order (ingress)
3. VACL + Input Router ACL | PACL applied                 | VACL + Input Router ACL applied | PACL, VACL, Input Router ACL (merged) applied in order (ingress)
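
Table 33-1 worked through as an added Python example (not from the Cisco guide): it reads the mode from the show access-group mode output above, selects the ACLs the table says are applied on ingress, and evaluates the same source address under each mode. The function names, the sample ACL entries and the addresses are constructed, and the ACLs are simplified to source-address permit/deny entries with an implicit deny.

```python
import ipaddress
import re

ORDER = ("pacl", "vacl", "racl")  # ingress order used in merge mode (Table 33-1)

def parse_mode(show_output):
    """Pull the mode out of 'show access-group mode interface ...' output."""
    m = re.search(r"Access group mode is:\s*(.+)", show_output)
    if not m:
        raise ValueError("no access group mode line found")
    return m.group(1).strip()

def applied_acls(mode, configured):
    """ACL types applied on ingress, in order, per Table 33-1."""
    others = [t for t in ORDER[1:] if t in configured]
    if "pacl" not in configured or not others:
        raise ValueError("combination is outside Table 33-1")
    if mode == "prefer port":
        return ["pacl"]
    if mode == "prefer vlan":
        return others
    if mode == "merge":
        return ["pacl"] + others
    raise ValueError(f"unknown access group mode: {mode!r}")

def acl_permits(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, net in entries:
        if addr in ipaddress.ip_network(net):
            return action == "permit"
    return False

def ingress_verdict(mode, acls, src):
    """True only if every ACL applied in this mode permits the source address."""
    return all(acl_permits(acls[t], src) for t in applied_acls(mode, set(acls)))

# Constructed sample policy (simplified to source-address matching).
ACLS = {
    "pacl": [("permit", "10.1.0.0/16")],
    "vacl": [("deny", "10.1.5.0/24"), ("permit", "0.0.0.0/0")],
    "racl": [("permit", "10.0.0.0/8")],
}
SHOW = "Interface FastEthernet6/1:\nAccess group mode is: merge\n"

if __name__ == "__main__":
    for mode in ("prefer port", "prefer vlan", parse_mode(SHOW)):
        for src in ("10.1.5.20", "10.2.0.1", "10.1.9.9"):
            print(f"{mode:12} {src:10} permit={ingress_verdict(mode, ACLS, src)}")
```

With this sample policy, 10.1.5.20 is dropped by the VACL in prefer vlan and merge modes but passes in prefer port mode, where only the PACL is consulted, so auditing a port means checking its access group mode as well as the ACLs attached to it.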