Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E (78-14064-04)
Chapter 23 Configuring Network Security
Configuring VLAN ACLs
is first checked against the output ACL applied to the routed interface and, if permitted, the VACL
configured for the destination VLAN is applied. If a VACL is configured for a packet type and a packet
of that type does not match the VACL, the default action is deny.
Note
- VACLs and CBAC cannot be configured on the same interface.
- TCP Intercepts and Reflexive ACLs take precedence over a VACL action if these are configured on the same interface.
- IGMP packets are not checked against VACLs.
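The default-deny behavior described above is easy to trip over when a VACL is written only to drop one flow. The following configuration is an added example, not taken from the Cisco guide: the ACL names, map names and 192.0.2.0/24 addresses are constructed, and VLAN 10 is used only because it appears in this section's figure.

```cisco
! Added example. All names and addresses below are constructed.
!
! ACL selecting the single flow that should be blocked.
ip access-list extended TELNET-TO-SERVER
 permit tcp any host 192.0.2.10 eq telnet
!
! ACL selecting every IP packet, used by the explicit final entry.
ip access-list extended ALL-IP
 permit ip any any
!
! Incomplete map: the only entry drops Telnet to the server.
! Because an IP VACL now exists, every other IP packet fails to
! match it and is denied by the default action.
vlan access-map VLAN10-INCOMPLETE 10
 match ip address TELNET-TO-SERVER
 action drop
!
! Complete map: same drop entry, followed by an entry that matches
! the remaining IP traffic and forwards it, so nothing reaches the
! default deny unintentionally.
vlan access-map VLAN10-COMPLETE 10
 match ip address TELNET-TO-SERVER
 action drop
vlan access-map VLAN10-COMPLETE 20
 match ip address ALL-IP
 action forward
!
! Apply the complete map to the VLAN.
vlan filter VLAN10-COMPLETE vlan-list 10
```

After applying the map, `show vlan access-map` and `show vlan filter` display the configured entries and the VLANs each map is attached to.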
Bridged Packets
Figure 23-1 shows a VACL applied on bridged packets.
[Figure 23-1: Applying VACLs on Bridged Packets. Labels: Catalyst 6500 Series Switch with PFC; Host A (VLAN 10); Host B (VLAN 10); VACL; Bridged.]