Chapter 23 Configuring Network Security
Configuring VLAN ACLs
|
| is first checked against the output ACL applied to the routed interface and, if permitted, the VACL |
|
| configured for the destination VLAN is applied. If a VACL is configured for a packet type and a packet |
|
| of that type does not match the VACL, the default action is deny. |
|
|
|
Note | • VACLs and CBAC cannot be configured on the same interface. | |
|
| • TCP Intercepts and Reflexive ACLs take precedence over a VACL action if these are configured on |
|
| the same interface. |
|
| • IGMP packets are not checked against VACLs. |
|
|
|
Bridged Packets
Figure 23-1 shows a VACL applied on bridged packets.
Figure 23-1 Applying VACLs on Bridged Packets
VACLBridged
Host A
(VLAN 10)
Catalyst 6500 Series Switch
with PFC
Host B
(VLAN 10)
26961
Cisco 7600 Series Router Cisco IOS Software Configuration
|
|
| |
|
|