Cisco WS-C6506 - Page 447

1488 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

15-51

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

OL-8978-04

Chapter 15 Configuring Access Control

Configuring VACLs

This example shows how to create an ACE for IPXACL1 to block all traffic from source network 1234:

Console> (enable) set security acl ipx IPXACL1 deny any 1234

IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.

Console> (enable)

This example shows how to create an ACE for IPXACL1 to block all traffic with destination address

1.A.3.4:

Console> (enable) set security acl ipx IPXACL1 deny any any 1.A.3.4

IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.

Console> (enable)

This example shows how to create an ACE for IPXACL1 to redirect broadcast traffic to port 4/1 from

source network 3456:

Console> (enable) set security acl ipx IPXACL1 redirect 4/1 any 3456

IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.

Console> (enable)

This example shows how to display the contents of the edit buffer:

Console> (enable) show security acl info IPXACL1 editbuffer

set security acl ipx IPXACL1

-----------------------------------------------------------------

1. deny any 1234

2. deny any any 1.A.3.4

3. redirect 4/1 any 3456

Console> (enable)

Note For more information about the show security acl info command, see the “Displaying the Contents of a

VACL” section on page 15-54.

This example shows how to commit the ACEs to NVRAM:

Console> (enable) commit security acl all

ACL commit in progress.

ACL IPXACL1 is committed to hardware.

Console> (enable)

Enter the show security acl info IPXACL1 command to verify that the changes were committed. If this

VACL has not been mapped to a VLAN, enter the set security acl map command to map it to a VLAN.

This example shows how to create an ACE for IPXACL1 to allow all traffic from source network 1 and

insert this ACE before ACE number 2:

Console> (enable) set security acl ipx IPXACL1 permit any 1 before 2

IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.

Console> (enable)

This example shows how to create an ACE for IPXACL1 to allow the traffic from all source addresses:

Console> (enable) set security acl ipx IPXACL1 permit any any

IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.

Console> (enable)

This example shows how to display the contents of the edit buffer:

Console> (enable) show security acl info IPXACL1 editbuffer

set security acl ipx IPXACL1

-----------------------------------------------------------------

1. deny any 1234

Table of Contents

Related product manuals

Preview: Cisco WS-C6509

Preview: Cisco WS-C2950-24

Cisco WS-C2950-24

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Cisco WS-C2940-8TT-S

Preview: Cisco WS-C3750-48PS-S

Cisco WS-C3750-48PS-S

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-C3560-48PS-S

Cisco WS-C3560-48PS-S

Preview: Cisco WS-C2960L-8TS-LL

Cisco WS-C2960L-8TS-LL

Preview: Cisco WS-C3560E-24PD-E

Cisco WS-C3560E-24PD-E

Cisco WS-C3750G-48PS-S

Preview: Cisco WS-C2960L-24TS-LL

Cisco WS-C2960L-24TS-LL

Preview: Cisco Catalyst WS-C3850-24T-L

Cisco Catalyst WS-C3850-24T-L