
Cisco WS-C6506 - Page 444

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
This example shows how to disable BDD:
Console> (enable) set aclmerge bdd disable
Bdd will be disabled on system restart.
Console> (enable)
This example shows how to display the current BDD status and whether BDD will be enabled or disabled
at the next system restart:
Console> (enable) show aclmerge bdd
Bdd is not enabled.
On system restart bdd will be disabled.
Console> (enable)
To specify the ACL-merge algorithm, perform this task in privileged mode:

Step 1
  Task: Specify the ACL-merge algorithm.
  Command: set aclmerge algo {bdd | odm}
Step 2
  Task: Display the ACL-merge algorithm that is currently in use.
  Command: show aclmerge {bdd | algo}

This example shows how to specify the ODM algorithm:
Console> (enable) set aclmerge algo odm
Acl merge algorithm set to odm.
Console> (enable)
This example shows the ACL-merge algorithm that is currently in use:
Console> (enable) show aclmerge algo
Current acl merge algorithm is odm.
Console> (enable)

Creating an IP VACL and Adding ACEs
To create a new IP VACL and add the ACEs, or to add the ACEs to an existing IP VACL, perform one of these tasks in privileged mode:

Task: If an IP protocol specification is not required, use the following syntax.
Command: set security acl ip {acl_name} {permit | deny} {src_ip_spec} [capture] [before editbuffer_index | modify editbuffer_index] [log¹]

Task: If an IP protocol is specified, use the following syntax.
Command: set security acl ip {acl_name} {permit | deny | redirect mod_num/port_num} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] [log¹]

1. The log keyword provides logging messages for denied IP VACLs only.

This example shows how to create an ACE for IPACL1 to allow the traffic from source address 172.20.53.4:
Console> (enable) set security acl ip IPACL1 permit host 172.20.53.4 0.0.0.0
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
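
Two details above are easy to miss when reviewing a VACL change: an ACE only modifies the edit buffer until it is committed, and the log keyword produces messages for denied traffic only. The following Python check is an added example, not part of the Cisco guide; the session text is constructed, and the commit security acl command it looks for is the CatOS commit command, which is not shown on this page.

```python
import re

# Constructed CatOS session (not taken from the guide). The prompt prefix is
# optional, so pasted transcripts and bare command lists both work.
SAMPLE = """\
Console> (enable) set security acl ip IPACL1 permit host 172.20.53.4 0.0.0.0
set security acl ip IPACL1 deny ip any any log
commit security acl IPACL1
set security acl ip IPACL2 permit tcp any host 172.20.53.4 log
set security acl ip IPACL2 redirect 3/1 ip any any
"""

UNCOMMITTED = "edit buffer modified but never committed"
USELESS_LOG = "log on non-deny ACE produces no messages"

PROMPT = re.compile(r"^Console> \(enable\) ?")
ACE = re.compile(r"^set security acl ip (\S+) (permit|deny|redirect \S+)\b(.*)$")
# Assumption: commits appear as "commit security acl {acl_name | all}".
COMMIT = re.compile(r"^commit security acl (\S+)$")


def lint_vacl(session):
    """Return sorted (acl_name, finding) tuples for a CatOS command session."""
    findings, pending = set(), set()
    for raw in session.splitlines():
        line = PROMPT.sub("", " ".join(raw.split()))
        m = ACE.match(line)
        if m:
            name, action, rest = m.groups()
            pending.add(name)  # enforced ACL now differs from the edit buffer
            # Footnote 1: log only yields messages for denied traffic.
            if "log" in rest.split() and action != "deny":
                findings.add((name, USELESS_LOG))
            continue
        m = COMMIT.match(line)
        if m:
            target = m.group(1)
            pending = set() if target == "all" else pending - {target}
    findings.update((name, UNCOMMITTED) for name in pending)
    return sorted(findings)


if __name__ == "__main__":
    for acl, finding in lint_vacl(SAMPLE):
        print(f"{acl}: {finding}")
```
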
