Cisco Systems 7600 SERIES manual Configuring VACLs, Multicast Packets, 23-11


Chapter 23 Configuring Network Security

Configuring VLAN ACLs

Multicast Packets

Figure 23-3 shows how ACLs are applied on packets that need multicast expansion. For packets that need multicast expansion, the ACLs are applied in the following order:

1. Packets that need multicast expansion:

   a. VACL for input VLAN

   b. Input Cisco IOS ACL

2. Packets after multicast expansion:

   a. Output Cisco IOS ACL

   b. VACL for output VLAN (not supported with PFC2)

3. Packets originating from router—VACL for output VLAN
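The configuration fragment below is an added example, not taken from the Cisco guide, showing where each checkpoint in the list above is configured for a multicast source in VLAN 10 with routed receivers in VLAN 20. The ACL and access-map names, the addresses and the group range are constructed for illustration.

```cisco
! Constructed example: all names, addresses and groups are assumptions.
! Source 10.10.10.5 in VLAN 10 sends to 239.1.1.0/24; receivers are in VLAN 20.
!
ip access-list extended AUTH-SRC
 permit udp host 10.10.10.5 239.1.1.0 0.0.0.255
ip access-list extended GROUP-RANGE
 permit ip any 239.1.1.0 0.0.0.255
!
! VACL: forward the authorized source, drop any other sender to the
! protected group range, forward everything else so that unrelated
! traffic in the VLAN is not caught by the map.
vlan access-map MCAST-MAP 10
 match ip address AUTH-SRC
 action forward
vlan access-map MCAST-MAP 20
 match ip address GROUP-RANGE
 action drop
vlan access-map MCAST-MAP 30
 action forward
!
! Step 1a: VLAN 10 is the input VLAN, so its VACL is checked first.
! Steps 2b and 3: VLAN 20 is the output VLAN. Per the list above, the
! output-VLAN VACL is not supported with PFC2 for expanded copies, so on
! PFC2 rely on the input VACL and the IOS ACLs below.
vlan filter MCAST-MAP vlan-list 10,20
!
! Step 1b: input Cisco IOS ACL, checked before multicast expansion.
ip access-list extended RTR-IN
 permit udp host 10.10.10.5 239.1.1.0 0.0.0.255
 deny   ip any 239.1.1.0 0.0.0.255
 permit ip any any
interface Vlan10
 ip access-group RTR-IN in
!
! Step 2a: output Cisco IOS ACL, checked on each copy after expansion.
ip access-list extended RTR-OUT
 permit udp host 10.10.10.5 host 239.1.1.1
 deny   ip any 239.1.1.0 0.0.0.255
 permit ip any any
interface Vlan20
 ip access-group RTR-OUT out
```

Because the input-side checks run before expansion, a drop there removes the packet for every output VLAN, while the output ACL on interface Vlan20 affects only the copy sent to VLAN 20.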

Figure 23-3 Applying VACLs on Multicast Packets

[Figure: Catalyst 6500 Series Switch with MSFC. Labels: routed path through the MSFC with input IOS ACL and output IOS ACL; bridged paths with VACL; IOS ACL for output VLAN for packets originating from router; VACL (not supported on PFC2); Host A and Host C in VLAN 10; Host B and Host D in VLAN 20.]

Configuring VACLs

These sections describe configuring VACLs:

VACL Configuration Overview, page 23-12

Defining a VLAN Access Map, page 23-12

Configuring a Match Clause in a VLAN Access Map Sequence, page 23-13

Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14

Applying a VLAN Access Map, page 23-14

Verifying VLAN Access Map Configuration, page 23-15

 

 

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

78-14064-04

 

 
