
Cisco WS-C6506 - Page 430

15-34
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
This example shows how to permit the ARP packets that advertise a binding of IP address 172.20.52.19:
Console> (enable) set security acl ip ACL2 permit arp-inspection host 172.20.52.19 any
Operation successful.
Console> (enable) commit security acl ACL2
Console> (enable) ACL commit in progress.
ACL 'ACL2' successfully committed.
Permitting or Denying All ARP Packets
To permit or deny all ARP packets, perform this task in privileged mode:

        Task                             Command
Step 1  Permit or deny all ARP packets.  set security acl ip acl_name {permit | deny} arp-inspection any any
Step 2  Commit the VACL.                 commit security acl {acl_name | all | adjacency}

This example shows how to permit all ARP packets:
Console> (enable) set security acl ip ACL3 permit arp-inspection any any
Operation successful.
Console> (enable) commit security acl ACL3
Console> (enable) ACL commit in progress.
ACL 'ACL3' successfully committed.
Permitting or Denying ARP Packets that Advertise Bindings for IP Addresses on a Particular Network
To permit or deny the ARP packets that advertise a binding for the IP addresses on a particular network, perform this task in privileged mode:

        Task                                                    Command
Step 1  Permit or deny the ARP packets that advertise a         set security acl ip acl_name {permit | deny} arp-inspection ip_address ip_mask any
        binding for the IP addresses on a particular network.
Step 2  Commit the VACL.                                        commit security acl {acl_name | all | adjacency}

Note The ip_mask is a reverse mask. The “0” bit means “match” and the “1” bit means “ignore.” For example, 10.3.5.6 and 0.0.0.255 are equivalent to 10.3.5/24.
This example shows how to permit the ARP packets that advertise a binding for the IP addresses on the 10.3.5.0/24 subnet:
Console> (enable) set security acl ip ACL4 permit arp-inspection 10.3.5.6 0.0.0.255 any
Operation successful.
Console> (enable) commit security acl ACL4
Console> (enable) ACL commit in progress.
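
The reverse-mask rule from the note on this page, as an added Python example that is not part of the Cisco guide and is not the switch's implementation: it parses the three arp-inspection entry forms shown here, tests whether an advertised IP address matches an entry, and gives the CIDR equivalent when one exists. The function names and the addresses tested in the demo are constructed for illustration.

```python
import ipaddress
import re

# The three arp-inspection forms shown on this page:
#   host <ip> any  |  any any  |  <ip_address> <ip_mask> any
ENTRY_RE = re.compile(
    r"set security acl ip (?P<acl>\S+) (?P<action>permit|deny) arp-inspection "
    r"(?:host (?P<host>\S+)|(?P<any>any)|(?P<ip>\S+) (?P<mask>\S+)) any$"
)

def parse_entry(line):
    """Return (acl_name, action, base, wildcard); addresses are 32-bit ints."""
    m = ENTRY_RE.search(line.strip())
    if not m:
        raise ValueError(f"unrecognized entry: {line!r}")
    if m["host"]:
        base, wildcard = int(ipaddress.IPv4Address(m["host"])), 0
    elif m["any"]:
        base, wildcard = 0, 0xFFFFFFFF
    else:
        base = int(ipaddress.IPv4Address(m["ip"]))
        wildcard = int(ipaddress.IPv4Address(m["mask"]))
    return m["acl"], m["action"], base, wildcard

def matches(base, wildcard, advertised_ip):
    """Reverse-mask compare: only bits that are 0 in the mask must be equal."""
    ip = int(ipaddress.IPv4Address(advertised_ip))
    care = ~wildcard & 0xFFFFFFFF
    return (ip & care) == (base & care)

def as_cidr(base, wildcard):
    """CIDR form of the entry, or None if the 1 bits are not one trailing run."""
    if wildcard & (wildcard + 1):  # non-contiguous mask: no single CIDR prefix
        return None
    prefix_len = 32 - wildcard.bit_length()
    network = base & ~wildcard & 0xFFFFFFFF
    return f"{ipaddress.IPv4Address(network)}/{prefix_len}"

if __name__ == "__main__":
    # Entry copied from this page; the two probe addresses are constructed.
    line = "set security acl ip ACL4 permit arp-inspection 10.3.5.6 0.0.0.255 any"
    acl, action, base, wildcard = parse_entry(line)
    print(acl, action, as_cidr(base, wildcard))
    for probe in ("10.3.5.200", "10.3.6.1"):
        print(probe, "matches" if matches(base, wildcard, probe) else "no match")
```

A mask whose 1 bits are not a single trailing run (for example 0.0.255.0) makes `as_cidr` return None, which is a useful flag when auditing entries that match more addresses than a subnet shorthand would suggest.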
