C H A P T E R
16-1
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
78-13315-02
16
Configuring Access Control
This chapter describes how to configure access control lists (ACLs) on the Catalyst 6000 family
switches. Configuration of the ACLs depends on the type of hardware you install on your supervisor
engine. See the
“Hardware Requirements” section on page 16-2
for details.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the
Catalyst 6000 Family Command Reference
publication.
This chapter consists of these sections:
•
Understanding How ACLs Work, page 16-1
•
Hardware Requirements, page 16-2
•
Supported ACLs, page 16-2
•
Applying Cisco IOS ACLs and VACLs on VLANs, page 16-7
•
Using Cisco IOS ACLs in your Network, page 16-9
•
Using VACLs with Cisco IOS ACLs, page 16-15
•
Using VACLs in your Network, page 16-22
•
Unsupported Features, page 16-27
•
Configuring VACLs, page 16-28
•
Configuring and Storing VACLs and QoS ACLs in Flash Memory, page 16-42
•
Configuring Policy-Based Forwarding, page 16-48
Note
Except where specifically differentiated, the information and procedures in this chapter apply to both
Supervisor Engine 2 with Layer 3 Switching Engine II (Policy Feature Card 2 or PFC2) and
Supervisor Engine 1 with Layer 3 Switching Engine II (Policy Feature Card or PFC).
Understanding How ACLs Work
Traditionally, switches operated at Layer 2 only; switches switched traffic within a VLAN and routers
routed traffic between VLANs. Catalyst 6000 family switches with the Multilayer Switch Feature Card
(MSFC) can accelerate packet routing between VLANs by using Layer 3 switching (Multilayer