
Cisco WS-C6506

15-48
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
This example shows how to disable BDD:
Console> (enable) set aclmerge bdd disable
Bdd will be disabled on system restart.
Console> (enable)
This example shows how to display the current BDD status and whether BDD will be enabled or disabled
at the next system restart:
Console> (enable) show aclmerge bdd
Bdd is not enabled.
On system restart bdd will be disabled.
Console> (enable)
To specify the ACL-merge algorithm, perform this task in privileged mode:

Step 1
  Task: Specify the ACL-merge algorithm.
  Command: set aclmerge algo {bdd | odm}
Step 2
  Task: Display the ACL-merge algorithm that is currently in use.
  Command: show aclmerge {bdd | algo}

This example shows how to specify the ODM algorithm:
Console> (enable) set aclmerge algo odm
Acl merge algorithm set to odm.
Console> (enable)
This example shows the ACL-merge algorithm that is currently in use:
Console> (enable) show aclmerge algo
Current acl merge algorithm is odm.
Console> (enable)
Creating an IP VACL and Adding ACEs
To create a new IP VACL and add the ACEs, or to add the ACEs to an existing IP VACL, perform one
of these tasks in privileged mode:

  Task: If an IP protocol specification is not required, use the following syntax.
  Command: set security acl ip {acl_name} {permit | deny} {src_ip_spec} [capture] [before editbuffer_index | modify editbuffer_index] [log¹]

  Task: If an IP protocol is specified, use the following syntax.
  Command: set security acl ip {acl_name} {permit | deny | redirect mod_num/port_num} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index] [log¹]

1. The log keyword provides logging messages for denied IP VACLs only.

This example shows how to create an ACE for IPACL1 to allow the traffic from source address
172.20.53.4:
Console> (enable) set security acl ip IPACL1 permit host 172.20.53.4 0.0.0.0
IPACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
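
An added example, not from the Cisco guide: a Python check that audits a captured CatOS session for two points made on this page, namely that ACE edits stay in the edit buffer until committed and that the log keyword produces messages for denied traffic only. The sample session is constructed, and the "commit security acl <name | all>" command form is an assumption, since this page only mentions 'commit' in the switch output.

```python
import re

# Constructed sample session (not captured from a real switch).
SAMPLE_SESSION = """\
Console> (enable) set security acl ip IPACL1 permit host 172.20.53.4 0.0.0.0
Console> (enable) set security acl ip IPACL1 deny ip any any log
Console> (enable) set security acl ip IPACL2 permit tcp any host 10.0.0.5 log
Console> (enable) commit security acl IPACL1
"""

PROMPT = re.compile(r"^Console> \(enable\)\s+(.*)$")
SET_ACE = re.compile(r"^set security acl ip (\S+) (permit|deny|redirect)\b(.*)$")
# Assumed commit syntax; the page itself shows only the word 'commit'.
COMMIT = re.compile(r"^commit security acl (\S+)$")


def audit_session(text):
    """Return (line_number, acl_name, message) findings for a session log."""
    pending = {}   # acl_name -> count of ACE edits still in the edit buffer
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        typed = PROMPT.match(line.strip())
        if not typed:
            continue  # switch output, not a typed command
        cmd = typed.group(1).strip()
        ace = SET_ACE.match(cmd)
        if ace:
            name, action, rest = ace.groups()
            pending[name] = pending.get(name, 0) + 1
            # Footnote 1: log only produces messages for denied traffic.
            if action != "deny" and "log" in rest.split():
                findings.append((lineno, name,
                                 "log on a %s ACE produces no log messages" % action))
            continue
        commit = COMMIT.match(cmd)
        if commit:
            if commit.group(1) == "all":
                pending.clear()
            else:
                pending.pop(commit.group(1), None)
    for name in sorted(pending):
        findings.append((None, name, "edit buffer modified but never committed"))
    return findings


if __name__ == "__main__":
    for finding in audit_session(SAMPLE_SESSION):
        print(finding)
```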
