Using Pacl With Vlan Maps And Router Acls - Cisco 4500M Software Manual

Using PACL with VLAN Maps and Router ACLs

This example shows that the IP access group simple-ip-acl is configured on the inbound direction of
interface fa6/1:
Switch# show ip interface fast 6/1
FastEthernet6/1 is up, line protocol is up
Inbound
Outgoing access list is not set
This example shows that MAC access group simple-mac-acl is configured on the inbound direction of
interface fa6/1:
Switch# show mac access-group interface fast 6/1
Interface FastEthernet6/1:
Inbound access-list is simple-mac-acl
Outbound access-list is not set
This example shows that access group merge is configured on interface fa6/1:
Switch# show access-group mode interface fast 6/1
Interface FastEthernet6/1:
Access group mode is: merge
Using PACL with VLAN Maps and Router ACLs
For output PACLs, there is no interaction with VACL or output Router ACLs. (See the restrictions listed
in the
interaction with Router ACLs and VACLs depends on the interface access group mode as shown in
Table
Table 35-1 Interaction Between PACLs, VACLs and Router ACLs
ACL Type(s)
1.
2.
3.
Each ACL Type listed in
following discussion.
Software Configuration Guide—Release 12.2(25)EW
35-26
access list is simple-ip-acl
"PACL Configuration Guidelines" section on page
35-1.
Input PACL
prefer port
mode
Input Router ACL PACL applied
VACL PACL applied
VACL + Input Router PACL applied
ACL
Table 35-1
Chapter 35
35-23.) For input PACLs, however, the
prefer vlan merge mode
mode
Input Router PACL, Input Router ACL (merged)
ACL applied applied in order (ingress)
VACL PACL, VACL (merged) applied in order
applied (ingress)
VACL + PACL, VACL, Input Router ACL
Input Router (merged) applied in order (ingress)
ACL applied
is synonymous with a different scenario, as explained in the
Configuring Network Security with ACLs
OL-6696-01