47-35
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
Configuring PACLs
Figure 47-6 Applying ACLs on Routed Packets
Configuring PACLs
This section describes how to configure PACLs, which are used to control filtering on Layer 2 interfaces.
PACLs can filter traffic to or from Layer 2 interfaces based on Layer 3 information, Layer 4 head
information or non-IP Layer 2 information.
This section includes these topics:
• Creating a PACL, page 47-35
• PACL Configuration Guidelines, page 47-36
• Removing the Requirement for a Port ACL, page 47-36
• Webauth Fallback, page 47-37
• Configuring IPv4, IPv6, and MAC ACLs on a Layer 2 Interface, page 47-38
• Using PACL with Access-Group Mode, page 47-39
• Configuring Access-group Mode on Layer 2 Interface, page 47-39
• Applying ACLs to a Layer 2 Interface, page 47-40
• Displaying an ACL Configuration on a Layer 2 Interface, page 47-40
Creating a PACL
To create a PACL and apply it to one or more interfaces, follow these steps:
Step 1 Create the standard or extended IPv4 ACLs, IPv6 ACLs, or named MAC extended ACLs that you want
to apply to the interface.
Frame
Routing function
VLAN 10
Host A
(VLAN 10)
Packet
94157
Catalyst 4500 series switch
VLAN 20
Host B
(VLAN 20)
VLAN 10
map
Input
router
ACL
Output
router
ACL
VLAN 20
map
