KB.15.15

Figure 217 ACL "Test-1" and interface assignment commands

Figure 218 Using the same ACL for VACL and RACL applications

In the above case:

• Matches with ACEs 10 or 20 that originate on VLAN 20 will increment only the counters for

the instances of these two ACEs in the Test-1 VACL assignment on VLAN 20. The same counters

in the instances of ACL Test-1 assigned to VLANs 50 and 70 will not be incremented.

• Any Telnet requests to 10.10.20.12 that originate on VLANs 50 or 70 will be filtered by

instances of Test-1 assigned as RACLs, and will increment the counters for ACE 10 on both

RACL instances of the Test-1 ACL.

Using the network in Figure 83 (page 111), a device at 10.10.20.4 on VLAN 20 attempting to

ping and Telnet to 10.10.20.12 is filtered through the VACL instance of the "Test-1" ACL on VLAN

20 and results in the following:

Figure 219 Ping and telnet from 10.10.20.4 to 10.10.20.2 filtered by the assignment of "Test-1"

as a VACL on VLAN 20

Figure 220 Resulting ACE hits on ACL "Test-1"

300 IPv4 Access Control Lists (ACLs)