Cisco Catalyst 4500 Series Configuration Manual page 1250
Release ios xe 3.3.0sg and ios 15.1(1)sg
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1254 pages)
Table of Contents
Advertisement
Using PACL with VLAN Maps and Router ACLs
Figure 51-8 Scenario 2: PACL Interaction with a VACL
Host A
(VLAN 10)
If the interface access group mode is prefer port, then only the input PACL is applied on the ingress
traffic from Host A. If the mode is prefer VLAN, then only the VACL is applied to the ingress traffic
from Host A. If the mode is merge, the input PACL is first applied to the ingress traffic from Host A, and
the VACL is applied on the traffic.
Scenario 3: Host A is connected to an interface in VLAN 10, which has a VACL and an SVI configured.
The SVI has an input Router ACL configured and the interface has an input PACL configured, as shown
in
Figure
Figure 51-9 Scenario 3: VACL and Input Router ACL
Host A
(VLAN 10)
If the interface access group mode is prefer port, then only the input PACL is applied on the ingress
traffic from Host A. If the mode is prefer VLAN, then the merged results of the VACL and the input
Router ACL are applied to the ingress traffic from Host A. If the mode is merge, the input PACL is first
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
51-34
Catalyst 4500 series switch
Input
PACL
Frame
VLAN 10
51-9:
Input
VLAN 10
PACL
map
Frame
VLAN 10
Chapter 51
VLAN 10
map
Packet
Catalyst 4500 series switch
Input
Output
router
router
ACL
ACL
Routing function
Packet
Configuring Network Security with ACLs
Host B
(VLAN 10)
VLAN 20
map
Host B
(VLAN 20)
VLAN 20
OL-25340-01
- Quick Links:
- Resetting a Switch to Factory Default...
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
