15-25
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
• range uses 1 LOU
• eq does not require a LOU
For example, this ACL would use a single LOU to store two different operator/operand couples:
... Src gt 10 ...
... Dst gt 10
A more detailed example is as follows:
ACL1
... (dst port) gt 10 permit
... (dst port) lt 9 deny
... (dst port) gt 11 deny
... (dst port) neq 6 redirect
... (src port) neq 6 redirect
... (dst port) gt 10 deny
ACL2
... (dst port) gt 20 deny
... (src port) lt 9 deny
... (src port) range 11 13 permit
... (dst port) neq 6 redirect
The Layer 4 operations and LOU usage are as follows:
• ACL1 Layer 4 operations: 5
• ACL2 Layer 4 operations: 4
• LOUs: 4
An explanation of the LOU usage is as follows:
• LOU 1 stores “gt 10” and “lt 9”
• LOU 2 stores “gt 11” and “neq 6”
• LOU 3 stores “gt 20” (with space for one more)
• LOU 4 stores “range 11 13” (range needs the entire LOU)
Using VACLs in Your Network
These sections describe some typical uses for the VACLs:
• Wiring Closet Configuration, page 15-26
• Redirecting Broadcast Traffic to a Specific Server Port, page 15-26
• Restricting the DHCP Response for a Specific Server, page 15-27
• Denying Access to a Server on Another VLAN, page 15-28
• Restricting ARP Traffic, page 15-29
• Inspecting ARP Traffic, page 15-30
• Dynamic ARP Inspection, page 15-39
• Configuring ACLs on Private VLANs, page 15-43
• Capturing Traffic Flows, page 15-43
To Next Page
Loading...
