ACLs and routed packets, ACLs and multicast packets – Dell POWEREDGE M1000E User Manual


Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 34 Configuring Network Security with ACLs

Using VLAN Maps with Router ACLs

ACLs and Routed Packets

Figure 34-7 shows how ACLs are applied on routed packets. For routed packets, the ACLs are applied in this order:

1. VLAN map for input VLAN
2. Input router ACL
3. Output router ACL
4. VLAN map for output VLAN

Figure 34-7 Applying ACLs on Routed Packets

ACLs and Multicast Packets

Figure 34-8 shows how ACLs are applied on packets that are replicated for IP multicasting. A multicast packet being routed has two different kinds of filters applied: one for destinations that are other ports in the input VLAN and another for each of the destinations that are in other VLANs to which the packet has been routed. The packet might be routed to more than one output VLAN, in which case a different router output ACL and VLAN map would apply for each destination VLAN.

The final result is that the packet might be permitted in some of the output VLANs and not in others. A copy of the packet is forwarded to those destinations where it is permitted. However, if the input VLAN map (VLAN 10 map in Figure 34-8) drops the packet, no destination receives a copy of the packet.
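The evaluation order for routed packets and the per-VLAN outcome for multicast copies can be modeled as below. This is an added example, not code from the Cisco guide: the filter predicates, packet fields, and VLAN 30 are constructed for illustration, and it assumes that bridged copies in the input VLAN are subject only to the input VLAN map and that routed multicast copies pass the same four stages as a routed unicast packet.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

Filter = Callable[[dict], bool]  # returns True to permit the packet

@dataclass
class Vlan:
    vlan_map: Optional[Filter] = None    # VLAN map applied to the VLAN
    router_in: Optional[Filter] = None   # input router ACL on the VLAN interface
    router_out: Optional[Filter] = None  # output router ACL on the VLAN interface

def permits(f: Optional[Filter], pkt: dict) -> bool:
    return f is None or f(pkt)           # no filter configured: permit

def routed_verdict(pkt: dict, vlans: Dict[int, Vlan], vin: int, vout: int) -> str:
    """Walk the four stages in the documented order; name the first one that drops."""
    stages = [
        (f"VLAN {vin} map", vlans[vin].vlan_map),
        ("input router ACL", vlans[vin].router_in),
        ("output router ACL", vlans[vout].router_out),
        (f"VLAN {vout} map", vlans[vout].vlan_map),
    ]
    for name, f in stages:
        if not permits(f, pkt):
            return f"dropped by {name}"
    return "forward"

def multicast_verdicts(pkt, vlans, vin, vouts) -> Dict[int, str]:
    """One verdict per VLAN that would receive a copy of a routed multicast packet."""
    if not permits(vlans[vin].vlan_map, pkt):
        # Input VLAN map drop: no destination receives a copy.
        return {v: f"dropped by VLAN {vin} map" for v in [vin, *vouts]}
    verdicts = {vin: "forward"}  # assumption: bridged copies see only the input VLAN map
    for v in vouts:              # each output VLAN has its own router ACL and VLAN map
        verdicts[v] = routed_verdict(pkt, vlans, vin, v)
    return verdicts

# Constructed sample: a multicast stream entering on VLAN 10, routed to VLANs 20 and 30.
PKT = {"dst": "239.1.1.1", "proto": "udp", "dport": 5004}
VLANS = {
    10: Vlan(vlan_map=lambda p: True),
    20: Vlan(router_out=lambda p: p["dport"] != 5004),
    30: Vlan(vlan_map=lambda p: p["proto"] == "udp"),
}

if __name__ == "__main__":
    print(multicast_verdicts(PKT, VLANS, 10, [20, 30]))
```

Naming the stage that dropped each copy is the useful part when troubleshooting: a stream that reaches one output VLAN but not another points at that VLAN's output router ACL or VLAN map, while a stream that reaches nobody points at the input VLAN map.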

[Figure 34-7 diagram labels: Frame; Packet; Blade server A (VLAN 10); VLAN 10 map; Input router ACL; Routing function; Output router ACL; VLAN 20 map; Blade server B (VLAN 20)]
