Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Using VACLs in Your Network
This example shows how to permit the ARP packets that advertise a binding of IP address 172.20.52.19:
Console> (enable) set security acl ip ACL2 permit arp-inspection host 172.20.52.19 any
Operation successful.
Console> (enable) commit security acl ACL2
Console> (enable) ACL commit in progress.
ACL 'ACL2' successfully committed.
Permitting or Denying All ARP Packets
To permit or deny all ARP packets, perform this task in privileged mode:

        Task                              Command
Step 1  Permit or deny all ARP packets.   set security acl ip acl_name {permit | deny} arp-inspection any any
Step 2  Commit the VACL.                  commit security acl {acl_name | all | adjacency}

This example shows how to permit all ARP packets:
Console> (enable) set security acl ip ACL3 permit arp-inspection any any
Operation successful.
Console> (enable) commit security acl ACL3
Console> (enable) ACL commit in progress.
ACL 'ACL3' successfully committed.
Permitting or Denying ARP Packets that Advertise Bindings for IP Addresses on a Particular Network
To permit or deny the ARP packets that advertise a binding for the IP addresses on a particular network, perform this task in privileged mode:

        Task                                        Command
Step 1  Permit or deny the ARP packets that         set security acl ip acl_name {permit | deny}
        advertise a binding for the IP addresses    arp-inspection ip_address ip_mask any
        on a particular network.
Step 2  Commit the VACL.                            commit security acl {acl_name | all | adjacency}

Note The ip_mask is a reverse mask. The “0” bit means “match” and the “1” bit means “ignore.” For example, 10.3.5.6 and 0.0.0.255 are equivalent to 10.3.5/24.
This example shows how to permit the ARP packets that advertise a binding for the IP addresses on the 10.3.5.0/24 subnet:
Console> (enable) set security acl ip ACL4 permit arp-inspection 10.3.5.6 0.0.0.255 any
Operation successful.
Console> (enable) commit security acl ACL4
Console> (enable) ACL commit in progress.
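The reverse-mask rule in the Note above can be checked offline before an ACE is committed. The following Python sketch is an added example, not part of the Cisco guide or CatOS: it parses the three arp-inspection command forms shown on this page, tests whether an advertised IP address falls under an ACE, and reports the equivalent prefix when one exists. The function names and the sample addresses being tested are assumptions made for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(ip_address, ip_mask, candidate):
    """Reverse mask: a 0 bit must match, a 1 bit is ignored."""
    care = ~to_int(ip_mask) & MASK32
    return (to_int(ip_address) & care) == (to_int(candidate) & care)

def as_network(ip_address, ip_mask):
    """Equivalent prefix, or None when the ignored bits are not a
    contiguous low-order run (such a mask has no CIDR equivalent)."""
    wild = to_int(ip_mask)
    if wild & (wild + 1):          # wild + 1 must be a power of two
        return None
    base = to_int(ip_address) & ~wild & MASK32
    return ipaddress.IPv4Network((base, 32 - wild.bit_length()))

def parse_ace(command):
    """Parse the arp-inspection forms shown on this page. The trailing
    MAC field is 'any' in every example here and is not interpreted."""
    tok = command.split()
    i = tok.index("arp-inspection")
    acl, action, rest = tok[i - 2], tok[i - 1], tok[i + 1:]
    if rest[0] == "host":          # host ip_address
        ip, mask = rest[1], "0.0.0.0"
    elif rest[0] == "any":         # any IP address
        ip, mask = "0.0.0.0", "255.255.255.255"
    else:                          # ip_address ip_mask
        ip, mask = rest[0], rest[1]
    return acl, action, ip, mask

def ace_covers(command, advertised_ip):
    """Return the ACE's action if it covers advertised_ip, else None."""
    _, action, ip, mask = parse_ace(command)
    return action if matches(ip, mask, advertised_ip) else None

if __name__ == "__main__":
    ace = "set security acl ip ACL4 permit arp-inspection 10.3.5.6 0.0.0.255 any"
    _, _, ip, mask = parse_ace(ace)
    print("equivalent prefix:", as_network(ip, mask))
    for advertised in ("10.3.5.200", "10.3.6.6"):   # constructed test addresses
        print(advertised, "->", ace_covers(ace, advertised))
    # A mask such as 0.0.255.0 ignores the third octet only: no prefix exists.
    print(as_network("10.3.5.6", "0.0.255.0"), matches("10.3.5.6", "0.0.255.0", "10.3.77.6"))
```

A `None` from `as_network` is worth flagging during review, because such an ACE covers a scattered set of addresses rather than one subnet.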