
Cisco Catalyst 3550 Series User Manual

Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 28 Configuring Network Security with ACLs
This is an example of a log for an extended IP ACL:
01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet
01:25:14:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 7 packets
01:26:12:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 1 packet
01:31:33:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 8 packets
Note that all logging entries for IP ACLs start with %SEC-6-IPACCESSLOG with minor variations in format
depending on the kind of ACL and the access entry that has been matched.
This is an example of an output message when the log-input keyword is entered:
00:04:21:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 (Vlan1 0001.42ef.a400) -> 10.1.1.61 (0/0), 1 packet
A log message for the same sort of packet using the log keyword does not include the input interface
information:
00:05:47:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 -> 10.1.1.61 (0/0), 1 packet
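The following parser for the message shapes shown above is an added example, not part of the Cisco guide. The function names are hypothetical, and reading the trailing (0/0) on ICMP entries as type/code is an assumption. It extracts the ACL name, action, addresses, and the input interface and source MAC that only log-input entries carry.

```python
import re
from collections import defaultdict

# Covers only the message shapes shown on this page; other variants need more patterns.
LOG_RE = re.compile(
    r"^(?P<stamp>\d+:\d+:\d+):\s*%SEC-6-IPACCESSLOG(?P<variant>\w*):\s*"
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?"
    r"(?: \((?P<in_if>\S+) (?P<src_mac>[0-9A-Fa-f.]+)\))?"  # present with log-input only
    r" -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp_type>\d+)/(?P<icmp_code>\d+)\))?"  # assumed to be ICMP type/code
    r", (?P<packets>\d+) packets?$"
)

# The sample messages from this page, with wrapped lines rejoined.
SAMPLE = """\
01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet
01:25:14:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 7 packets
01:26:12:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 1 packet
01:31:33:%SEC-6-IPACCESSLOGP:list ext1 denied udp 0.0.0.0(0) -> 255.255.255.255(0), 8 packets
00:04:21:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 (Vlan1 0001.42ef.a400) -> 10.1.1.61 (0/0), 1 packet
00:05:47:%SEC-6-IPACCESSLOGDP:list inputlog permitted icmp 10.1.1.10 -> 10.1.1.61 (0/0), 1 packet
"""

def parse_line(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["packets"] = int(rec["packets"])
    return rec

def parse_log(text):
    """Parse every matching line of a log excerpt, skipping unrelated lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def group_flows(records):
    """Group reported packet counts by (acl, action, proto, src, dst)."""
    flows = defaultdict(list)
    for r in records:
        key = (r["acl"], r["action"], r["proto"], r["src"], r["dst"])
        flows[key].append(r["packets"])
    return dict(flows)

if __name__ == "__main__":
    for r in parse_log(SAMPLE):
        origin = f" via {r['in_if']} {r['src_mac']}" if r["in_if"] else ""
        print(f"{r['stamp']} {r['acl']} {r['action']} {r['proto']} "
              f"{r['src']}{origin} -> {r['dst']} ({r['packets']})")
```

Entries whose in_if field is None were produced by the log keyword, so the ingress port and source MAC cannot be recovered from them.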
Configuring Named MAC Extended ACLs
You can filter non-IP traffic on a VLAN and on a physical Layer 2 interface by using MAC addresses
and named MAC extended ACLs. The procedure is similar to that of configuring other extended named
ACLs. You can use a number to name the access list, but MAC access list numbers from 700 to 799 are
not supported.
Note: Named MAC extended ACLs cannot be applied to Layer 3 interfaces.
For more information about the supported non-IP protocols in the mac access-list extended command,
refer to the command reference for this release.
Note: Though visible in the command-line help strings, appletalk is not supported as a matching condition for
the deny and permit MAC access-list configuration mode commands, nor is matching on the EtherType
of any SNAP-encapsulated packet with a nonzero Organizational Unique Identifier (OUI).
Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
Step    Command                         Purpose
Step 1  configure terminal              Enter global configuration mode.
Step 2  mac access-list extended name   Define an extended MAC access list using a name.

Cisco Catalyst 3550 Series Specifications

General
Form Factor: Rack-mountable
Manageable: Yes
RAM: 64 MB
Device Type: Switch
MAC Address Table Size: 12000 entries
Routing Protocol: RIP
Features: VLAN support
Power Supply: AC 120/230 V (50/60 Hz)
Ports: 24 or 48 x 10/100Base-TX, 1 x GBIC, 2 x 10/100/1000Base-T
Operating Temperature: 32 to 113°F (0 to 45°C)