54-33
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 54 Configuring Network Security with ACLs
Using PACL with VLAN Maps and Router ACLs
This example applies the extended named MAC ACL simple-mac-acl to interface FastEthernet 6/1
egress traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# mac access-group simple-mac-acl out
Displaying an ACL Configuration on a Layer 2 Interface
To display information about an ACL configuration on Layer 2 interfaces, perform one of these tasks:
This example shows that the IP access group simple-ip-acl is configured on the inbound direction of
interface fa6/1:
Switch# show ip interface fast 6/1
FastEthernet6/1 is up, line protocol is up
Inbound access list is simple-ip-acl
Outgoing access list is not set
This example shows that MAC access group simple-mac-acl is configured on the inbound direction of
interface fa6/1:
Switch# show mac access-group interface fast 6/1
Interface FastEthernet6/1:
Inbound access-list is simple-mac-acl
Outbound access-list is not set
This example shows that access group merge is configured on interface fa6/1:
Switch# show access-group mode interface fast 6/1
Interface FastEthernet6/1:
Access group mode is: merge
Using PACL with VLAN Maps and Router ACLs
For PACLs, the interaction with Router ACLs and VACLs depends on the interface access group mode
as shown in Table 54-1.
Command Purpose
Switch# show ip interface [interface-name]
Shows the IP access group configuration on the interface.
Switch# show mac access-group interface
[interface-name]
Shows the MAC access group configuration on the
interface.
Switch# show access-group mode interface
[interface-name]
Shows the access group mode configuration on the
interface.
To Next Page
Loading...
Need help?
General
