15-23
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs with Cisco IOS ACLs
Example 3
******** VACL ***********
1 deny ip 0.0.0.0 255.255.255.0 any
2 deny ip 0.0.0.255 255.255.255.0 any
3 deny ip any 0.0.0.0 255.255.255.0
4 permit ip any host 239.255.255.255
5 permit ip any host 255.255.255.255
6 deny ip any 0.0.0.255 255.255.255.0
7 permit tcp any range 0 65534 any range 0 65534
8 permit udp any range 0 65534 any range 0 65534
9 permit icmp any any
10 permit ip any any
******** Cisco IOS ACL **********
1 deny ip any host 239.255.255.255
2 permit ip any any
******** MERGE **********
Using the new algorithm - 12 entries
Using the old algorithm - 303 entries
Example 4
******** VACL ***********
1 redirect 4/25 tcp host 192.168.1.67 host 255.255.255.255
2 redirect 4/25 udp host 192.168.1.67 host 255.255.255.255
3 deny tcp any any lt 30
4 deny udp any any lt 30
5 permit ip any any
******* Cisco IOS ACL ***********
1 deny ip any host 239.255.255.255
2 permit ip any any
******* MERGE **********
Using the new algorithm - 6 entries
Using the old algorithm - 142 entries
Example 5
******** VACL ***********
1 redirect 4/25 tcp host 192.168.1.67 host 255.255.255.255
2 redirect 4/25 udp host 192.168.1.67 host 255.255.255.255
3 permit ip any any
******* Cisco IOS ACL ***********
1 deny ip any host 239.255.255.255
2 permit ip any any
******* MERGE **********
Using the new algorithm - 4 entries
Using the old algorithm - 4 entries
Layer 4 Operations Configuration Guidelines
These sections provide the guidelines for using Layer 4 port operations:
• Determining Layer 4 Operation Usage, page 15-24
• Determining Logical Operation Unit Usage, page 15-24
To Next Page
Loading...
