Cisco Systems CL-28826-01 Security Camera User Manual


65-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 65 Managing Cisco Catalyst Switches and Cisco 7600 Series Routers
VLAN ACLs (VACLs)
Related Topics
Creating Access Control List Objects, page 6-49
Create and Edit VLAN ACL Dialog Boxes, page 65-41
Create and Edit VLAN ACL Content Dialog Boxes, page 65-42
Filtering Tables, page 1-45
Field Reference
Table 65-18 VLAN Access Lists Page

| Element | Description |
|---|---|
| VLAN Access Lists table | |
| VLAN ACL | Displays the VLAN ACL name. |
| Sequence | Specifies the map sequence number. VACL sequences are applied in order of sequence, from lowest number to highest. |
| Matching | Displays the Match ACLs, if any are defined. VACL matching occurs only when an ACL permit is encountered. ACL denies are ignored. |
| Action | Specify whether the action is to drop, drop and log, forward, forward and capture, or redirect packets. Note: The redirect action helps you to specify as many as five interfaces, which can be physical interfaces or EtherChannels. You cannot redirect packets to an EtherChannel member or a VLAN interface. |
| VLAN IDs | Interface-specific identity of the VLAN that a table row describes. The VLAN ID specifies where 802.1Q tagged packets are sent and received on the subinterface; without a VLAN ID, the subinterface cannot send or receive traffic. |
| Add Row button | Opens the Create VLAN ACL dialog box, where you can define a new VACL. |
| Edit Row button | Opens the Edit VLAN ACL dialog box, where you can edit the selected VACL. |
| Delete Row button | Deletes the selected access list. |
| Additional fields | |
| Log Table Size | Displays the log table size. Valid sizes range from 0 to 2048 and the default is 500. Logged packets from new flows are dropped when the table is full. |
| Max. Packet Rate | Displays the maximum redirect VACL logging packet rate per second. Valid rates range from 10 to 5000 packets per second and the default rate is 2000. Packets that exceed the limit are dropped. |
| Logging Threshold | Displays the logging threshold if one is set. By default, no threshold is set. When you configure VACL logging, IP packets that are denied generate log messages on a per-flow basis if the threshold for a flow is reached in any interval of less than 5 minutes. Only dropped IP packets can be logged. |
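
The ordering and matching rules in the Sequence and Matching rows can be checked with a small Python model, added here as an example (it is not code from Cisco or from the User Guide). The class and field names and the sample ACL are constructed, and treating an entry with no Match ACL as applying to every packet is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Ace:
    permit: bool                    # True = permit ACE, False = deny ACE
    src: str                        # source prefix, e.g. "10.0.0.0/8"
    dst_port: Optional[int] = None  # None = any destination port

    def covers(self, pkt):
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        return in_net and self.dst_port in (None, pkt["dport"])

@dataclass
class MapEntry:
    seq: int                                   # map sequence number
    action: str                                # drop, drop-log, forward, ...
    acls: list = field(default_factory=list)   # Match ACLs; each is a list of Ace

def acl_permits(acl, pkt):
    """The first ACE covering the packet decides; only a permit is a VACL match."""
    for ace in acl:
        if ace.covers(pkt):
            return ace.permit   # a deny here means "no match", not "drop"
    return False

def evaluate(vacl, pkt):
    """Return (seq, action) of the first matching entry, lowest sequence first."""
    for entry in sorted(vacl, key=lambda e: e.seq):
        # Assumption: an entry with no Match ACL applies to every packet.
        if not entry.acls or any(acl_permits(a, pkt) for a in entry.acls):
            return entry.seq, entry.action
    return None  # no entry matched; the page does not describe this case

# Constructed sample policy: drop and log Telnet from 10.0.0.0/8, except that
# the deny ACE keeps 10.9.9.0/24 out of sequence 10 so it reaches sequence 20.
TELNET = [Ace(False, "10.9.9.0/24", 23), Ace(True, "10.0.0.0/8", 23)]
VACL = [
    MapEntry(20, "forward"),              # listed first, evaluated second
    MapEntry(10, "drop-log", [TELNET]),
]

if __name__ == "__main__":
    for src, dport in [("10.1.1.1", 23), ("10.9.9.5", 23), ("192.168.1.1", 80)]:
        print(src, dport, evaluate(VACL, {"src": src, "dport": dport}))
```

The second sample packet is the case to review in a real policy: a deny ACE in a Match ACL does not drop traffic, it only moves the packet on to the next sequence.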