EasyManua.ls Logo

Cisco Catalyst 4500 Series - Configuring Access-Group Mode on Layer 2 Interface

Cisco Catalyst 4500 Series
2086 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
62-35
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 62 Configuring Network Security with ACLs
Configuring PACLs
prefer VLAN modeVLAN-based ACL features take effect on the port if they have been applied on
the port and no PACLs are in effect. If no VLAN-based ACL features are applicable to the Layer 2
interface, then the PACL feature already on the interface is applied.
merge modeMerges applicable ACL features before they are programmed into the hardware.
Configuring Access-group Mode on Layer 2 Interface
To configure an access mode on a Layer 2 interface, perform this task:
This example shows how to merge and apply features other than PACL on the interface:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# access-group mode prefer port
This example shows how to merge applicable ACL features before they are programmed into hardware:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# access-group mode merge
Applying ACLs to a Layer 2 Interface
To apply IPv4, IPv6, and MAC ACLs to a Layer 2 interface, perform one of these tasks:
This example applies the extended named IP ACL simple-ip-acl to interface FastEthernet 6/1 ingress
traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# ip access-group simple-ip-acl in
This example applies the IPv6 ACL simple-ipv6-acl to interface FastEthernet 6/1 ingress traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface interface
Enters interface configuration mode.
Step 3
Switch(config-if)# [no] access-group mode
{prefer {port | vlan} | merge}
Applies numbered or named ACL to the Layer 2 interface.
The no form deletes the IP or MAC ACL from the Layer 2
interface.
Step 4
Switch(config)# show running-config
Displays the access list configuration.
Command Purpose
Switch(config-if)# ip access-group ip-acl {in | out}
Applies an IPv4 ACL to the Layer 2 interface.
Switch(config-if)# ipv6 traffic-filter ipv6-acl {in | out}
Applies an IPv6 ACL to the Layer 2 interface.
Switch(config-if)# mac access-group mac-acl {in | out}
Applies a MAC ACL to the Layer 2 interface.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Administration Guide
Administration Guide1814 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Message Guide
Message Guide146 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages
Preview: Datasheet
Datasheet11 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Overview
Overview46 pages

Related product manuals