Cisco Systems EA6500 Manual De Usuario

23-11

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E

78-14099-04

Chapter 23 Configuring Network Security

Configuring VLAN ACLs

Multicast Packets

Figure 23-3

shows how ACLs are applied on packets that need multicast expansion. For packets that

need multicast expansion, the ACLs are applied in the following order:

Packets that need multicast expansion:

VACL for input VLAN

Input Cisco IOS ACL

Packets after multicast expansion:

Output Cisco IOS ACL

VACL for output VLAN (not supported with PFC2)

Packets originating from router—VACL for output VLAN

Figure 23-3 Applying VACLs on Multicast Packets

Configuring VACLs

These sections describe configuring VACLs:

•

VACL Configuration Overview, page 23-12

•

Defining a VLAN Access Map, page 23-12

•

Configuring a Match Clause in a VLAN Access Map Sequence, page 23-13

•

Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14

•

Applying a VLAN Access Map, page 23-14

•

Verifying VLAN Access Map Configuration, page 23-15

Catalyst 6500 Series Switch

with MSFC

Host B

(VLAN 20)

Host D

(VLAN 20)

Host A

(VLAN 10)

Host C

(VLAN 10)

26965

Bridged

VACL

VACL (Not supported
on PFC2)

Input IOS ACL

Output IOS ACL

Routed

MSFC

IOS ACL for
output VLAN
for packets
originating from
router