Cisco Systems 7600 SERIES manual Routed Packets, 23-10

Chapter 23 Configuring Network Security

Configuring VLAN ACLs

Routed Packets

Figure 23-2 shows how ACLs are applied on routed and Layer 3-switched packets. For routed or Layer 3-switched packets, the ACLs are applied in the following order:

1. VACL for input VLAN

2. Input Cisco IOS ACL

3. Output Cisco IOS ACL

4. VACL for output VLAN
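
The following Python model is an added example, not taken from the Cisco guide: it walks a routed packet through the four stages in the order listed above and reports the stage that drops it, which is the question to answer when a flow permitted by the interface ACLs still fails. The addresses, ports and rules are constructed sample data; the model assumes first-match evaluation with a deny for unmatched packets, and that a stage with nothing configured passes the packet.

```python
from ipaddress import ip_address, ip_network

# Order in which ACLs are applied to routed / Layer 3-switched packets.
STAGES = ("VACL for input VLAN", "Input Cisco IOS ACL",
          "Output Cisco IOS ACL", "VACL for output VLAN")

def rule(action, proto, src, dst, dport=None):
    """One simplified ACL entry; dport=None matches any port."""
    return (action, proto, ip_network(src), ip_network(dst), dport)

def acl_permits(acl, pkt):
    """First-match evaluation; a packet matching no entry is denied."""
    for action, proto, src, dst, dport in acl:
        if (proto in ("ip", pkt["proto"])
                and ip_address(pkt["src"]) in src
                and ip_address(pkt["dst"]) in dst
                and dport in (None, pkt.get("dport"))):
            return action == "permit"
    return False

def trace_routed(pkt, acls):
    """Apply the four stages in order; return (verdict, per-stage trace).

    A stage missing from acls is treated as not configured (assumption:
    the packet passes that stage unchecked).
    """
    trace = []
    for stage in STAGES:
        acl = acls.get(stage)
        ok = True if acl is None else acl_permits(acl, pkt)
        trace.append((stage, "not configured" if acl is None
                      else "permit" if ok else "deny"))
        if not ok:
            return "dropped at " + stage, trace
    return "forwarded", trace

# Constructed sample policy: 10.0.10.0/24 stands for VLAN 10, 10.0.20.0/24 for VLAN 20.
ANY = "0.0.0.0/0"
SAMPLE_ACLS = {
    STAGES[0]: [rule("permit", "ip", "10.0.10.0/24", ANY)],
    STAGES[1]: [rule("permit", "tcp", ANY, "10.0.20.0/24", 443),
                rule("permit", "tcp", ANY, "10.0.20.0/24", 22)],
    STAGES[3]: [rule("deny", "tcp", ANY, ANY, 22),   # output VLAN still blocks SSH
                rule("permit", "ip", ANY, ANY)],
}
HTTPS = {"proto": "tcp", "src": "10.0.10.5", "dst": "10.0.20.7", "dport": 443}
SSH = dict(HTTPS, dport=22)     # passes the input IOS ACL, dropped by the output VACL
TELNET = dict(HTTPS, dport=23)  # never reaches the output stages
```

Calling `trace_routed(SSH, SAMPLE_ACLS)` shows a packet that the input Cisco IOS ACL permits but the VACL for the output VLAN drops, so a permit on the routed interface alone does not guarantee delivery.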

Figure 23-2 Applying VACLs on Routed Packets

[Figure not reproduced. Labels: Host A, Host B, VLAN 10, VLAN 20; Catalyst 6500 series switches with MSFC; Bridged, VACL, Routed, Input IOS ACL, MSFC, Output IOS ACL, VACL, Bridged.]

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

23-10

78-14064-04
