15-26
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
Wiring Closet Configuration
In a wiring closet configuration, Catalyst 6500 series switches might not be equipped with the MSFCs
(routers). In this configuration, the switch can still support a VACL and a QoS ACL. Suppose that Host X
and Host Y are in different VLANs and are connected to wiring closet Switch A and Switch C
(see Figure 15-4). The traffic from Host X to Host Y is eventually being routed by the switch that is
equipped with the MSFC. The traffic from Host X to Host Y can be access controlled at the traffic entry
point, Switch A.
If you do not want the HTTP traffic that is switched from Host X to Host Y, you can configure a VACL
on Switch A. All HTTP traffic from Host X to Host Y would be dropped at Switch A and not be bridged
to the switch with the MSFC.
Figure 15-4 Wiring Closet Configuration
Redirecting Broadcast Traffic to a Specific Server Port
Some application traffic uses the broadcast packets that reach every host in a VLAN. With the VACLs,
you can redirect these broadcast packets to the intended application server port.
Figure 15-5 shows an application broadcast packet from Host A being redirected to the target application
server port and preventing other ports from receiving the packet.
To Next Page
Loading...
