15-44
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Unsupported Features
Unsupported Features
Note
With Supervisor Engine 720 (PFC3A/PFC3B/PFC3BXL) and Supervisor Engine 32
(PFC3B/PFC3BXL), the IPX routing is done through the software and IPX Cisco IOS ACLs and IPX
VACLs are not supported. You can match the IPX packets using the MAC VACLs. You can enter the
ipx-arpa
keyword to match the IPX ARPA frames. Use 0xffff EtherType to match on the IPX
non-ARPA frames and frames with an EtherType of 0xffff. For information on configuring the MAC
VACLs, see the
“Creating a Non-IP Version 4/Non-IPX VACL (MAC VACL) and Adding ACEs” section
on page 15-52
.
This section lists the ACL-related features that are not supported or have limited support on the
Catalyst 6500 series switches:
•
Non-IP version 4/non-IPX Cisco IOS ACLs—The following types of Cisco IOS security ACLs
cannot be enforced on the switch in the hardware; the MSFC has to process the ACL in the software
and this
significantly
degrades system performance:
–
Bridge-group ACLs
–
IP accounting
–
Inbound and outbound rate limiting
–
Standard IPX with source node number
–
IPX extended access lists that specify a source node number or socket numbers are not enforced
in the hardware
–
Standard XNS access list
–
Extended XNS access list
–
DECnet access list
–
Extended MAC address access list
–
Protocol type-code access list
•
IP packets with a header length of less than five will not be access controlled.
•
Non full-flow IPX VACL—IPX VACL is based on a flow that is specified by a source/destination
network number, packet type, and destination node number only. The source node number and
socket number are not supported when specifying the IPX flow.
Configuring VACLs
This section describes how to configure the VACLs. Prior to performing any configuration tasks, see the
“VACL Configuration Guidelines” section on page 15-45
.
These sections provide the guidelines and a summary for configuring the VACLs:
•
VACL Configuration Guidelines, page 15-45
•
VACL Configuration Summary, page 15-46
•
Configuring VACLs from the CLI, page 15-46