15-58
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
To capture the traffic flows, perform these steps:
Note An IP VACL is used in this description; you can configure IPX and non-IP
version 4/non-IPX VACLs using the same basic steps.
Step 1 Enter the set security acl ip command to create a VACL and add the ACEs; include the capture
keyword.
Step 2 Enter the commit command to commit the VACL and its associated ACEs to NVRAM.
Step 3 Enter the set security acl map command to map the VACL to a VLAN.
Step 4 Enter the set security acl capture-ports mod/ports... command to specify the capture ports.
Configuration Examples
This example shows how to create an ACE for my_cap and specify that the allowed traffic is captured:
Console> (enable) set security acl ip my_cap permit ip host 60.1.1.1 host 60.1.1.98
capture
my_cap editbuffer modified. Use ’commit’ command to apply changes.
Console> (enable)
This example shows how to commit the my_cap ACL to NVRAM:
Console> (enable) commit security acl my_cap
ACL commit in progress.
ACL my_cap successfully committed.
Console> (enable)
This example shows how to map my_cap to VLAN 10:
Console> (enable) set security acl map my_cap 10
Mapping in progress.
VLAN 10 successfully mapped to ACL my_cap.
The old mapping with ACL captest was replaced with the new one.
Console> (enable)
This example shows how to specify the capture ports:
Console> (enable) set security acl capture-ports 1/1-2,2/1-2
Successfully set the following ports to capture ACL traffic:
1/1-2,2/1-2
Console> (enable)
This example shows how to display the ports that have been specified as the capture ports:
Console> (enable) show security acl capture-ports
ACL Capture Ports: 1/1-2,2/1-2
Console> (enable)
This example shows how to clear the capture ports:
Console> (enable) clear security acl capture-ports 1/1,2/1
Successfully cleared the following ports:
1/1,2/1
Console> (enable)
To Next Page
Loading...
