15-53
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
This example shows how to display the contents of the edit buffer:
Console> (enable) show security acl info MACACL1 editbuffer
set security acl mac MACACL1
-----------------------------------------------------------------
1. deny 8-2-3-4-7-A any
2. deny any A-B-C-D-1-2
3. permit any any
Console> (enable)
Note For more information about the show security acl info command, see the “Displaying the Contents of a
VACL” section on page 15-54.
This example shows how to commit the ACEs to NVRAM:
Console> (enable) commit security acl all
ACL commit in progress.
ACL MACACL1 is committed to hardware.
Console> (enable)
Note For more information about the commit security acl all command, see the “Committing ACLs” section
on page 15-53.
Enter the show security acl info MACACL1 command to verify that the changes were committed. If
this VACL has not been mapped to a VLAN, enter the set security acl map command to map it to a
VLAN.
Committing ACLs
You can commit all ACLs or a specific ACL to NVRAM with the commit command. Any committed
ACL with no ACEs will be deleted.
To commit an ACL to NVRAM, perform this task in privileged mode:
This example shows how to commit a specific security ACL to NVRAM:
Console> (enable) commit security acl IPACL2
ACL commit in progress.
ACL IPACL2 is committed to hardware.
Console> (enable)
Mapping a VACL to a VLAN
You can map a VACL to a VLAN with the set security acl map command. Note that there is no default
ACL-to-VLAN mapping; all VACLs need to be mapped to a VLAN.
To map a VACL to a VLAN, perform this task in privileged mode:
Task Command
Commit an ACL to NVRAM. commit security acl acl_name | all
To Next Page