Access Controls Lists on Multilayer Cisco Catalyst Switches

download

Did you ever stop and think about just how many options you have for controlling traffic in the data plane on a multilayer Cisco Catalyst switch?

Here is a recap of your options –

  • Port ACL (PACL) – this option is for your Layer 2 switchports. You can apply:
    • IP standard or extended ACLs for controlling IP traffic
    • MAC ACLs for controlling non-IP traffic
  • Router ACL (RACL) – this options is for your Layer 3 ports on the router. You can apply:
    • IP standard or extended ACLs for controlling IP traffic
  • VLAN ACL (VACL) – these are also referred to as VLAN Access Maps. You can apply:
    • IP VLAN maps are for controlling IP traffic
    • MAC VLAN maps are used for controlling non-IP traffic

For most of us – we are well-versed in IP extended and standard access control lists. It is the MAC ACLs of the PACL approach and the VACLs that we need the practice with. I will be sure to publish my CBT Nuggets on this subject on YouTube for all to enjoy.

4 thoughts on “Access Controls Lists on Multilayer Cisco Catalyst Switches

  1. Anthony,

    I’ve been working with the CBT Nuggets CCIE R&S course (great course by the way), VIRL, GNS3 etc. etc. and I’m in my final written exam prep and I’m trying to figure out if I need to spend a lot if any prep time on command syntax. I have solid skill with the syntax, but I do take advantage of the context-sensitive features of IOS. On a written exam I don’t have that luxury, but I don’t want to spend time committing syntax to memory for the written if it’s not required.

    Any thoughts would be appreciated:-)

    1. Yeah – for the most part we do not worry about memorizing syntax! With that said – so much of it you end up having memorized since you will practice it so much. For example, all of the core routing protocols you can configure with zero help.

  2. Hi Anthony
    Gearing up for my Lab and have used the CBT training extensively. I’ve noticed recently online that there are references to v5 updates for example ospfv3 address family configuration

    eg int f0/0
    ospfv3 1 ipv4/ipv6 area 0
    instead of
    int f0/0
    ipv6 ospf 1 area 0

    Will CBT be doing any V5 updates?

    Thanks.

    1. Hi Gavin – I am teaching the new tech section complimentary here at the blog. Please provide me with a link to the other changes you mention…certainly the first I have heard of that.

Leave a Reply

Your email address will not be published. Required fields are marked *