White paper for Cisco 1700 2600 3600 3700 Series VPN Module
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
In a Cisco Virtual Switching System environment, VACLs do not change significantly, because they can be applied
across VLANs that are local to a particular virtual switch as well as across the entire Cisco Virtual Switching
System. Global TCAM show commands have also been extended to account for the switch keyword.
Port-Based ACLs
PACLs are ACLs that are applied directly to a physical port that is also configured as a Layer 2
switchport. Note that when an IP address is applied to such an interface, the ACL becomes a RACL. PACLs are
directional by nature, and only ingress PACLs are supported.
For software releases prior to 12.2(33)SXI4, PACLs are applied differently in a Cisco Virtual Switching System
environment. The difference stems from the current software restriction that does not allow the system to
consecutively address more than 2000 ports from a Layer 2 ACL indexing perspective. This limitation implies that
PACLs cannot be applied to physical orphan ports, that is, ports that exist on a single chassis only. You can
apply PACLs only on Layer 2 Cisco EtherChannel links or multichassis Cisco EtherChannel links. This behavior is
evidenced by the access-group keyword not being available in the CLI on physical Layer 2 interfaces, while it is
available on a port channel:
vss(config)#int gig 1/5/2
vss(config-if)#switchport
vss(config-if)#ip ?
Interface IP configuration subcommands:
  admission     Apply Network Admission Control
  arp           Configure ARP features
  auth-proxy    Apply authentication proxy
<…snip…>

vss(config)#int port-channel 102
vss(config-if)#switchport
vss(config-if)#ip ?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  arp           Configure ARP features
  auth-proxy    Apply authenticaton proxy
<…snip…>
PACLs on physical Layer 2 interfaces are supported in VSS beginning with software release 12.2(33)SXI4.
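The rules above can be checked against a saved configuration. The following is an added example, not part of the Cisco white paper: a Python audit that classifies each ip access-group statement as a PACL or a RACL and flags PACLs that the text describes as unsupported. The function name, the sample configuration, the ACL names and the assumption that a bare switchport line marks a Layer 2 port are all constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not from the white paper).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/5/2
 switchport
 ip access-group EDGE-IN in
!
interface Port-channel102
 switchport
 ip access-group EDGE-IN in
!
interface Port-channel103
 switchport
 ip access-group EDGE-OUT out
!
interface GigabitEthernet2/1/1
 ip address 192.0.2.1 255.255.255.0
 ip access-group CORE-IN in
"""

def audit_acls(config, pre_sxi4):
    """Return (interface, acl, kind, problem) for each 'ip access-group' line.
    pre_sxi4: True when the VSS runs a release earlier than 12.2(33)SXI4."""
    findings = []
    # Split the config into interface stanzas; each stanza starts at 'interface'.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = stanza.splitlines()
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1].strip()
        body = [l.strip() for l in lines[1:]]
        # Assumption: a bare 'switchport' line marks the port as Layer 2.
        layer2 = "switchport" in body
        for line in body:
            m = re.fullmatch(r"ip access-group (\S+) (in|out)", line)
            if not m:
                continue
            acl, direction = m.groups()
            kind, problem = ("PACL" if layer2 else "RACL"), None
            if kind == "PACL" and direction == "out":
                problem = "only ingress PACLs are supported"
            elif kind == "PACL" and pre_sxi4 and not name.lower().startswith("port-channel"):
                problem = "PACL on a physical port needs 12.2(33)SXI4 or later"
            findings.append((name, acl, kind, problem))
    return findings

if __name__ == "__main__":
    print(*audit_acls(SAMPLE_CONFIG, pre_sxi4=True), sep="\n")
```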
Printed in USA
C11-429338-04 12/12