Installation guide

4-68
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 4 Configuring Virtual Contexts
Configuring Security with ACLs
BPDU—Specifies Bridge Protocol Data Units. The ACE receives trunk port (Cisco proprietary)
BPDUs because ACE ports are trunk ports. Trunk BPDUs have VLAN information inside the
payload, so the ACE modifies the payload with the outgoing VLAN if you allow BPDUs. If you
configure redundancy, you must allow BPDUs on both interfaces with an EtherType ACL to avoid
bridging loops. For information about configuring redundancy, see the “Configuring High
Availability” section on page 11-1.
IPv6—Specifies Internet Protocol version 6.
MPLS—Specifies Multi Protocol Label Switching. The MPLS selection applies to both MPLS
unicast and MPLS multicast traffic. If you allow MPLS, ensure that Label Distribution Protocol
(LDP) and Tag Distribution Protocol (TDP) TCP connections are established through the ACE by
configuring both MPLS routers connected to the ACE to use the IP address on the ACE interface as
the router-id for LDP or TDP sessions. LDP and TDP allow MPLS routers to negotiate the labels
(addresses) used to forward packets.
Step 6 Click Add To Table and add one or more ACL entries if required, repeating Step 4 and Step 5 as needed.
Step 7 Associate any VLAN interface to this ACL if required and do one of the following:
Click Deploy to immediately deploy this configuration.
Click Cancel to exit without saving your entries and to return to the ACL Summary table.
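The BPDU requirement above can be checked offline against an exported configuration. The following is an added example, not part of the Cisco guide: it assumes ACE CLI-style lines (access-list NAME ethertype ..., interface vlan N, bridge-group, access-group input), uses a constructed sample, and looks only at explicit bpdu entries, treating an ACL without one as blocking BPDUs.

```python
import re

# Constructed sample; the CLI-style syntax is an assumption, the page shows only the GUI.
SAMPLE_CONFIG = """\
access-list L2-OK ethertype permit bpdu
access-list L2-OK ethertype permit mpls
access-list L2-MPLS-ONLY ethertype permit mpls
access-list WEB line 10 extended permit ip any any
interface vlan 100
  bridge-group 1
  access-group input L2-OK
  access-group input WEB
interface vlan 200
  bridge-group 1
  access-group input WEB
interface vlan 300
  bridge-group 2
  access-group input L2-MPLS-ONLY
interface vlan 400
  access-group input WEB
"""

ACL_RE = re.compile(r"^access-list (\S+) ethertype (permit|deny) (any|bpdu|ipv6|mpls)$")

def bpdu_permitting_acls(config):
    """Names of EtherType ACLs whose first explicit bpdu entry is a permit."""
    verdict = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, action, proto = m.groups()
            verdict.setdefault(name, None)
            if proto == "bpdu" and verdict[name] is None:
                verdict[name] = action  # first matching entry decides
    return {name for name, action in verdict.items() if action == "permit"}

def bridged_vlans_blocking_bpdu(config):
    """Bridged VLAN interfaces with no inbound EtherType ACL that permits BPDUs."""
    allowed = bpdu_permitting_acls(config)
    vlans, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["interface", "vlan"] and len(words) == 3:
            current = vlans.setdefault(words[2], {"bridged": False, "acls": set()})
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif current is not None and words[:1] == ["bridge-group"]:
            current["bridged"] = True
        elif current is not None and words[:2] == ["access-group", "input"] and len(words) == 3:
            current["acls"].add(words[2])
    return sorted(v for v, i in vlans.items() if i["bridged"] and not (i["acls"] & allowed))
```

On the constructed sample, VLAN 200 (no EtherType ACL) and VLAN 300 (EtherType ACL without a BPDU entry) are reported, while routed VLAN 400 is ignored.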
Related Topics
Configuring Security with ACLs, page 4-58
Creating ACLs, page 4-59
Setting Extended ACL Attributes, page 4-61
Resequencing Extended ACLs, page 4-66
Editing or Deleting ACLs, page 4-69
Viewing All ACLs by Context
Use this procedure to view all access control lists that have been configured.
Procedure
Step 1 Choose Config > Virtual Contexts.
The All Virtual Contexts table appears.
Step 2 Choose the virtual context with the ACLs you want to view, and then select Security > ACLs.
The ACLs table appears, listing the existing ACLs with their name, their type (Extended or EtherType),
and any comments.
Related Topics
Configuring Virtual Context Expert Options, page 4-79
Creating ACLs, page 4-59
Setting EtherType ACL Attributes, page 4-67