15-51
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
This example shows how to create an ACE for IPXACL1 to block all traffic from source network 1234:
Console> (enable) set security acl ipx IPXACL1 deny any 1234
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to create an ACE for IPXACL1 to block all traffic with destination address
1.A.3.4:
Console> (enable) set security acl ipx IPXACL1 deny any any 1.A.3.4
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to create an ACE for IPXACL1 to redirect broadcast traffic to port 4/1 from
source network 3456:
Console> (enable) set security acl ipx IPXACL1 redirect 4/1 any 3456
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to display the contents of the edit buffer:
Console> (enable) show security acl info IPXACL1 editbuffer
set security acl ipx IPXACL1
-----------------------------------------------------------------
1. deny any 1234
2. deny any any 1.A.3.4
3. redirect 4/1 any 3456
Console> (enable)
Note For more information about the show security acl info command, see the “Displaying the Contents of a
VACL” section on page 15-54.
This example shows how to commit the ACEs to NVRAM:
Console> (enable) commit security acl all
ACL commit in progress.
ACL IPXACL1 is committed to hardware.
Console> (enable)
Enter the show security acl info IPXACL1 command to verify that the changes were committed. If this
VACL has not been mapped to a VLAN, enter the set security acl map command to map it to a VLAN.
This example shows how to create an ACE for IPXACL1 to allow all traffic from source network 1 and
insert this ACE before ACE number 2:
Console> (enable) set security acl ipx IPXACL1 permit any 1 before 2
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to create an ACE for IPXACL1 to allow the traffic from all source addresses:
Console> (enable) set security acl ipx IPXACL1 permit any any
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to display the contents of the edit buffer:
Console> (enable) show security acl info IPXACL1 editbuffer
set security acl ipx IPXACL1
-----------------------------------------------------------------
1. deny any 1234
To Next Page
Loading...
Need help?
General