19-39
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 19 Configuring Network Security with ACLs
Using VLAN Maps with Router ACLs
Note When configuring ACLs on the switch, to allocate maximum hardware resources for ACLs, you can
use the sdm prefer access global configuration command to set the Switch Database Management
feature to the access template. For more information on the SDM templates, see the "Optimizing
System Resources for User-Selected Features" section on page 6-57.
Examples of Router ACLs and VLAN Maps Applied to VLANs
This section gives examples of applying router ACLs and VLAN maps to a VLAN for switched, bridged,
routed, and multicast packets. Although the following illustrations show packets being forwarded to
their destination, each time the packet's path crosses a line indicating a VLAN map or an ACL, it is also
possible that the packet might be dropped, rather than forwarded.

ACLs and Switched Packets

Figure 19-6 shows how an ACL is applied on packets that are switched within a VLAN. Packets
switched within the VLAN without being routed or forwarded by fallback bridging are only subject to
the VLAN map of the input VLAN.
Figure 19-6 Applying ACLs on Switched Packets
[Figure: a frame from Host A (VLAN 10) to Host C (VLAN 10) crosses the VLAN 10 map inside the Catalyst 3550 switch. The input router ACL, the routing function or fallback bridge, the output router ACL, and the VLAN 20 map are shown but are not on the frame's path.]
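
The following configuration is an added example, not part of the original guide. It shows what Figure 19-6 means for Host A to Host C traffic: a router ACL on the VLAN 10 interface is not evaluated for it, while a VLAN map on VLAN 10 is. The host addresses and the ACL and map names are assumptions made for illustration.

```cisco
! Constructed addressing: Host A = 10.1.10.10, Host C = 10.1.10.30, both in VLAN 10.
!
! Router ACL on the VLAN 10 interface. It is NOT evaluated for Host A -> Host C
! traffic, because that traffic is switched inside VLAN 10 and never reaches
! the routing function.
ip access-list extended SVI10-IN
 deny ip host 10.1.10.10 host 10.1.10.30
 permit ip any any
!
interface Vlan10
 ip access-group SVI10-IN in
!
! VLAN map on VLAN 10. It is evaluated for packets switched within VLAN 10,
! so this is where the Host A -> Host C restriction takes effect.
! In an ACL used by a VLAN map, "permit" means "matches this map entry";
! the map entry's action decides whether the packet is dropped or forwarded.
ip access-list extended A-TO-C
 permit ip host 10.1.10.10 host 10.1.10.30
!
ip access-list extended ANY-IP
 permit ip any any
!
vlan access-map VLAN10-MAP 10
 match ip address A-TO-C
 action drop
!
! Forward all other IP traffic. Without this entry, IP packets that match
! no map entry are dropped.
vlan access-map VLAN10-MAP 20
 match ip address ANY-IP
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
```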