15-52
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
2. permit any 1
3. deny any any 1.A.3.4
4. redirect 4/1 any 3456
5. permit any any
ACL IPXACL1 Status: Not Committed
Console> (enable)
This example shows how to commit the ACEs to NVRAM:
Console> (enable) commit security acl all
ACL commit in progress.
ACL IPXACL1 is committed to hardware.
Console> (enable)
Note For more information about the commit security acl all command, see the “Committing ACLs” section
on page 15-53.
Enter the show security acl info IPXACL1 command to verify that the changes were committed. If this
VACL has not been mapped to a VLAN, enter the set security acl map command to map it to a VLAN.
Creating a Non-IP Version 4/Non-IPX VACL (MAC VACL) and Adding ACEs
Caution The IP and IPX traffic are not access controlled by the MAC VACLs. All other traffic types (AppleTalk,
DECnet, and so on) are classified as the MAC traffic and the MAC VACLs are used to access control this
traffic.
To create a new non-IP version 4/non-IPX VACL and add the ACEs, or to add the ACEs to an existing
non-IP version 4/non-IPX VACL, perform this task in privileged mode:
This example shows how to create an ACE for MACACL1 to block all traffic from 8-2-3-4-7-A:
Console> (enable) set security acl mac MACACL1 deny host 8-2-3-4-7-A any
MACACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to create an ACE for MACACL1 to block all traffic to A-B-C-D-1-2:
Console> (enable) set security acl mac MACACL1 deny any host A-B-C-D-1-2
MACACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to create an ACE for MACACL1 to allow the traffic from all sources:
Console> (enable) set security acl mac MACACL1 permit any any
MACACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
Task Command
Create a new non-IP
version 4/non-IPX VACL and add the
ACEs, or add the ACEs to an existing
non-IP version 4/non-IPX VACL.
set security acl mac {acl_name} {permit | deny}
{src_mac_addr_spec} {dest_mac_addr_spec} [ethertype]
[capture] [before editbuffer_index | modify
editbuffer_index]
To Next Page
Loading...
Need help?
General