Manuals / Cisco Systems / Computer Equipment / Network Router

Cisco Systems 7600 SERIES manual Bridged Packets, Same interface, 23-9

Models: 7600 SERIES

1 24

Download 24 pages 53.15 Kb

Page 9

Image 9

Chapter 23 Configuring Network Security

Configuring VLAN ACLs

		is first checked against the output ACL applied to the routed interface and, if permitted, the VACL
		configured for the destination VLAN is applied. If a VACL is configured for a packet type and a packet
		of that type does not match the VACL, the default action is deny.

Note		• VACLs and CBAC cannot be configured on the same interface.
		• TCP Intercepts and Reflexive ACLs take precedence over a VACL action if these are configured on
		the same interface.
		• IGMP packets are not checked against VACLs.

Bridged Packets

Figure 23-1shows a VACL applied on bridged packets.

Figure 23-1 Applying VACLs on Bridged Packets

VACLBridged

Host A

(VLAN 10)

Catalyst 6500 Series Switch

with PFC

Host B

(VLAN 10)

26961

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

	78-14064-04	23-9

Page 9

Image 9

Cisco Systems 7600 SERIES Bridged Packets, VACLs and Cbac cannot be configured on the same interface, Same interface, 23-9

Contents

ACL Configuration Guidelines This chapter consists of these sections23-1 23-2 Hardware and Software ACL Support 23-3 Determining Layer 4 Operation Usage Determining Logical Operation Unit Usage Configuring the Cisco IOS Firewall Feature SetMore detailed example follows 23-4 23-5 Cisco IOS Firewall Feature Set Support Overview Configuring Cbac on Cisco 7600 Series Routers Firewall Configuration Guidelines and RestrictionsRestrictions Guidelines 23-7 Configuring MAC Address-Based Traffic Blocking Understanding VACLs Configuring Vlan ACLsVacl Overview 23-8 Bridged Packets VACLs and Cbac cannot be configured on the same interfaceSame interface Igmp packets are not checked against VACLs 23-10 Routed Packets These sections describe configuring VACLs Configuring VACLsMulticast Packets 23-11 Defining a Vlan Access Map Vacl Configuration OverviewTo define a Vlan access map, perform this task 23-12 Configures the match clause in a Vlan access map sequence Configuring a Match Clause in a Vlan Access Map SequenceDeletes the match clause in a Vlan access map sequence 23-13 Configuring an Action Clause in a Vlan Access Map Sequence Applying a Vlan Access Map23-14 Verifying Vlan Access Map Configuration Vlan Access Map Configuration and Verification Examples23-15 23-16 Configuring a Capture Port 23-17 Configuring Vacl Logging 23-18 Configuring TCP Intercept Configuring Unicast RPF Configuring Unicast Reverse Path ForwardingUnderstanding Unicast RPF Support Enabling Self-Pinging 23-20 Configuring the Unicast RPF Checking Mode Configuring Unicast Flood Protection This example shows how to verify the configuration23-21 23-22 Configuring MAC Move Notification 23-23 23-24

• VACLs and CBAC cannot be configured on the same interface.

the same interface.

• IGMP packets are not checked against VACLs.

Bridged Packets

Figure 23-1shows a VACL applied on bridged packets.

Figure 23-1 Applying VACLs on Bridged Packets

23-9