23-11
Cisco7600 Series Router Cisco IOS Software Configuration Guide—12.1E
78-14064-04
Chapter23 Configuring Network Security
Configuring VLAN ACLs
Multicast Packets
Figure 23-3 shows how ACLs are applied on packets that need multicast expansion. For packets that
need multicast expansion, the ACLs are applied in the following order:
1. Packets that need multicast expansion:
a. VACL for input VLAN
b. Input Cisco IOS ACL
2. Packets after multicast expansion:
a. Output Cisco IOS ACL
b. VACL for output VLAN (not supported with PFC2)
3. Packets originating from router—VACL for output VLAN
Figure 23-3 Applying VACLs on Multicast Packets
Configuring VACLsThese sections describe configuring VACLs:
•VACL Configuration Overview, page 23-12
•Defining a VLAN Access Map, page 23-12
•Configuring a Match Clause in a VLAN Access Map Sequence, page 23-13
•Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14
•Applying a VLAN Access Map, page 23-14
•Verifying VLAN Access Map Configuration, page 23-15
Catalyst 6500 Series Switch
with MSFC
Host B
(VLAN 20)
Host D
(VLAN 20)
Host A
(VLAN 10)
Host C
(VLAN 10)
26965
Bridged
Bridged
VACL
VACL (Not supported
on PFC2)
Input IOS ACL
Output IOS ACL
Routed MSFC
IOS ACL for
output VLAN
for packets
originating from
router