Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

62-35

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 62 Configuring Network Security with ACLs

Configuring PACLs

• prefer VLAN mode—VLAN-based ACL features take effect on the port if they have been applied on

the port and no PACLs are in effect. If no VLAN-based ACL features are applicable to the Layer 2

interface, then the PACL feature already on the interface is applied.

• merge mode—Merges applicable ACL features before they are programmed into the hardware.

Configuring Access-group Mode on Layer 2 Interface

To configure an access mode on a Layer 2 interface, perform this task:

This example shows how to merge and apply features other than PACL on the interface:

Switch# configure terminal

Switch(config)# interface fast 6/1

Switch(config-if)# access-group mode prefer port

This example shows how to merge applicable ACL features before they are programmed into hardware:

Switch# configure terminal

Switch(config)# interface fast 6/1

Switch(config-if)# access-group mode merge

Applying ACLs to a Layer 2 Interface

To apply IPv4, IPv6, and MAC ACLs to a Layer 2 interface, perform one of these tasks:

This example applies the extended named IP ACL simple-ip-acl to interface FastEthernet 6/1 ingress

traffic:

Switch# configure terminal

Switch(config)# interface fast 6/1

Switch(config-if)# ip access-group simple-ip-acl in

This example applies the IPv6 ACL simple-ipv6-acl to interface FastEthernet 6/1 ingress traffic:

Switch# configure terminal

Switch(config)# interface fast 6/1

Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# interface interface

Enters interface configuration mode.

Step 3

Switch(config-if)# [no] access-group mode

{prefer {port | vlan} | merge}

Applies numbered or named ACL to the Layer 2 interface.

The no form deletes the IP or MAC ACL from the Layer 2

interface.

Step 4

Switch(config)# show running-config

Displays the access list configuration.

Command Purpose

Switch(config-if)# ip access-group ip-acl {in | out}

Applies an IPv4 ACL to the Layer 2 interface.

Switch(config-if)# ipv6 traffic-filter ipv6-acl {in | out}

Applies an IPv6 ACL to the Layer 2 interface.

Switch(config-if)# mac access-group mac-acl {in | out}

Applies a MAC ACL to the Layer 2 interface.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E