Cisco Catalyst 4500 Series Supervisor II-Plus-10GE White Paper
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
As a result, only flows that always arrive on the same forwarding engine are policed correctly; otherwise they are
underpoliced. Generally, this situation allows only the following flow masks for use on multichassis Cisco
EtherChannel link interfaces:
● Source and destination: Source and destination IP address
● Interface, source, and destination: Input interface, source, and destination IP address
● Full: Source, destination IP address, IP, and TCP/UDP source and destination ports if present
● Interface, full: Input interface, source, destination IP address, IP, and TCP/UDP source and destination ports if present
As a result, UBRL does not yield the desired behavior if applied to multichassis Cisco EtherChannel link interfaces
or other distributed Cisco EtherChannel interfaces because they are source-only or destination-only by nature.
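The underpolicing described above can be reproduced with a small model. This is an added example, not Cisco code: it assumes two forwarding engines, an upstream EtherChannel hash that XORs the last octets of the source and destination addresses, a fixed byte budget per interval in place of a real token bucket, and constructed addresses.

```python
from collections import defaultdict

# Packet fields each flow mask keys on (mask names follow the page; the model is assumed).
FLOW_MASKS = {
    "source-only": ("src",),
    "destination-only": ("dst",),
    "source-and-destination": ("src", "dst"),
}

def pick_engine(pkt, engines):
    """Assumed upstream EtherChannel hash: XOR of the last IP octets, modulo link count."""
    last = lambda ip: int(ip.rsplit(".", 1)[1])
    return (last(pkt["src"]) ^ last(pkt["dst"])) % engines

def police(packets, mask, limit_bytes, engines=2):
    """Return bytes forwarded per flow key when every engine polices on its own."""
    fields = FLOW_MASKS[mask]
    used = [defaultdict(int) for _ in range(engines)]  # no state shared between engines
    passed = defaultdict(int)
    for pkt in packets:
        key = tuple(pkt[f] for f in fields)
        budget = used[pick_engine(pkt, engines)]
        if budget[key] + pkt["len"] <= limit_bytes:     # conforming: forward and count
            budget[key] += pkt["len"]
            passed[key] += pkt["len"]
    return dict(passed)

def sample_traffic():
    """Constructed input: one source, four destinations, 15 x 1000-byte packets each."""
    return [{"src": "10.0.0.5", "dst": f"192.0.2.{d}", "len": 1000}
            for _ in range(15) for d in (1, 2, 3, 4)]

if __name__ == "__main__":
    LIMIT = 10_000  # bytes allowed per flow in the measured interval
    for mask in ("source-only", "source-and-destination"):
        for engines in (1, 2):
            print(mask, engines, police(sample_traffic(), mask, LIMIT, engines))
```

With the source-only mask the single source is held to the limit on one engine but forwards twice the limit across two, while every source-and-destination flow stays at the limit in both cases because each flow always hashes to the same engine.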
Access Control Lists
This section examines the way access lists are modified in the Cisco Virtual Switching System environment.
Essentially three types of ACLs are supported in a Cisco Catalyst 6500 system as of Cisco IOS Software Release
12.2(33)SXH (Figure 31):
● Router ACLs (RACLs)
● VLAN ACLs (VACLs)
● Port-based ACLs (PACLs)
Figure 31. Access-List Processing
All of these ACLs are compiled by the system and programmed into hardware-based ternary content addressable
memory (TCAM) on the system PFCs or DFCs. Within a Cisco Virtual Switching System environment, these ACLs
are compiled by the active route processor for the entire system (on the active virtual switch) and programmed to
all PFCs and DFCs in the system.