34-39
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter34 Configuring Network Securi ty with ACLs Displaying IPv4 ACL Configuration

ACLs and Multicast Packets

Figure 34-8 shows how ACLs are applied on packets that are replicated for IP multica stin g. A m u ltica st
packet being routed has two different kinds of filters applied: one for destinations that are o th er p orts in
the input VLAN and another for each of the destinations that are in other VLANs to which the packet
has been routed. The packet might be routed to more t h an on e out p ut V L AN, in wh ich case a di fferen t
router output ACL and VLAN map would apply for each destination V LAN .
The final result is that the packet might be permitted in some of the output VL ANs and not in others. A
copy of the packet is forwarded to those destinations where it is permitted. However, if the input VLAN
map (VLAN 10 map in Figure 34-8) drops the packet, no destination re ceives a c opy o f t h e packet .
Figure34-8 Applying ACLs on Multicast Packets
Displaying IPv4 ACL Configuration
You can display the ACLs that are configured on the switch, and you can display the ACLs tha t have
been applied to interfaces and VLANs.
When you use the ip access-group interface configuration command to apply ACLs to a Layer 2
interface, you can display the access groups on the inter face. You can also display the M AC ACLs
applied to a Layer 2 interface. You can use the privileged EXEC commands as described in Table34-2
to display this information.
VLAN 10
map
Frame
Input
router
ACL
Output
router
ACL
Routing function
VLAN 10 VLAN 20
Blade server C
(VLAN 10)
B
lade server A
(VLAN 10) Blade server
B
(VLAN 20)
VLAN 20
map
Packet
201779
Table34-2 Commands for Displaying Access Lists and Access Groups
Command Purpose
show access-lists [number | name] Display the contents of one or all current IP and MAC address access lists
or a specific access list (numbered or named).
show ip access-lists [number | name] Display the contents of all current IP access lists or a specific IP access list
(numbered or named).