Chapter 51
Configuring Network Security with ACLs
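Figure 51-6 Applying ACLs on Routed Packets
[Figure labels: Host A (VLAN 10), VLAN 10 map, input router ACL, routing function, output router ACL, VLAN 20 map, Host B (VLAN 20), frame, packet, Catalyst 4500 series switch]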
Configuring PACLs
This section describes how to configure PACLs, which are used to control filtering on Layer 2 interfaces. PACLs can filter traffic to or from Layer 2 interfaces based on Layer 3 information, Layer 4 header information, or non-IP Layer 2 information.
This section includes these topics:
• Creating a PACL
• PACL Configuration Guidelines
• Removing the Requirement for a Port ACL
• Webauth Fallback
• Configuring IPv4, IPv6, and MAC ACLs on a Layer 2 Interface
• Using PACL with Access-Group Mode
• Configuring Access-group Mode on Layer 2 Interface
• Applying ACLs to a Layer 2 Interface
• Displaying an ACL Configuration on a Layer 2 Interface
Creating a PACL
To create a PACL and apply it to one or more interfaces, follow these steps:
Step 1 Create the standard or extended IPv4 ACLs, IPv6 ACLs, or named MAC extended ACLs that you want to apply to the interface.
OL-25340-01
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG