Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

62-18

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 62 Configuring Network Security with ACLs

Configuring Named IPv6 ACLs

EtherType matching allows you to classify tagged and untagged IP packets based on the EtherType

value. Tagged packets present a potential operation problem:

• While single-tagged packets are supported on the access and trunk ports, double-tagged packets are

not.

• Single and double-tagged packets are not supported if the port mode is dot1qtunnel.

For more information about the mac access-list extended command, refer to the Catalyst 4500 Series

Switch Cisco IOS Command Reference.

To create a named MAC extended ACL, perform this task:

This example shows how to create and display an access list named matching, permitting the 0x8863 and

0x8040 EtherType values:

Switch(config)# mac access-list extended matching

Switch(config-ext-macl)# permit any any 0x8863

Switch(config-ext-macl)# permit any any 0x8040

Switch(config-ext-macl)# end

Switch # show access-lists matching

Extended MAC access list matching

permit any any 0x8863

permit any any netbios

Switch #

Configuring Named IPv6 ACLs

Supervisor Engine 6-E, Supervisor Engine 6L-E, Supervisor Engine 7-E, Supervisor Engine 7L-E, and

Supervisor Engine 8-E support hardware-based IPv6 ACLs to filter unicast, multicast and broadcast IPv6

traffic on Layer 2 and Layer 3 interfaces. You can only configure such access lists on Layer 3 interfaces

that are configured with an IPv6 address.

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# [no] mac access-list

extended name

Defines an extended MAC access list using a name.

To delete the entire ACL, use the no mac access-list extended

name global configuration command. You can also delete

individual ACEs from named MAC extended ACLs.

Step 3

Switch(config-ext-macl)# {deny | permit}

{any | host source MAC address | source

MAC address mask} {any | host destination

MAC address | destination MAC address

mask} [protocol-family {appletalk |

arp-non-ipv4 | decnet | ipx | ipv6 (not

supported on Sup 6-E and 6L-E)| rarp-ipv4

| rarp-non-ipv4 | vines | xns} |

ethertype]

In extended MAC access-list configuration mode, specify to

permit or deny any based upon the EtherTypes value, valid values

are 15636-65535.

Note You can specify matching by either EtherType or protocol

family but not both.

Step 4

Switch(config-ext-macl)# end

Returns to privileged EXEC mode.

Step 5

Switch# show access-lists [number | name]

Shows the access list configuration.

Step 6

Switch(config)# copy running-config

startup-config

(Optional) Saves your entries in the configuration file.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E