Cisco WS-C6506 - Page 456

1488 pages
15-60
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
Step 4 Enter the set security acl ip acl_name deny log command to create an IP VACL and enable logging.
Step 5 Enter the commit security acl acl_name command to commit the VACL to NVRAM.
Step 6 Enter the set security acl map acl_name vlan command to map the VACL to a VLAN.
Configuration Examples
This example shows how to set the logging level:
Console> (enable) set logging level acl 6
System logging facility <acl> for this session set to severity 6(information)
This example shows how to allocate a new log table that is based on the maximum flow:
Console> (enable) set security acl log maxflow 512
Set VACL Log table to 512 flow patterns.
This example shows how to set the redirect rate:
Console> (enable) set security acl log ratelimit 1000
Max logging eligible packet rate set to 1000pps.
This example shows how to display the VACL log configuration:
Console> (enable) show security acl log config
VACL LOG Configration
-------------------------------------------------------------
Max Flow Pattern : 512
Max Logging Eligible rate (pps) : 1000
This example shows how to create an ACE for my_cap and specify that the denied traffic is logged:
Console> (enable) set security acl ip my_cap deny ip host 21.0.0.1 log
my_cap editbuffer modified. Use ’commit’ command to apply changes.
Console> (enable)
This example shows how to commit the my_cap ACL to NVRAM:
Console> (enable) commit security acl my_cap
ACL commit in progress.
ACL my_cap successfully committed.
Console> (enable)
This example shows how to map the VACL to a VLAN:
Console> (enable) set security acl map my_cap 1
Mapping in progress.
ACL my_cap successfully mapped to VLAN 1.
:
:
2000 Jul 19 01:14:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 1 packet
2000 Jul 19 01:19:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 7 packets
2000 Jul 19 01:25:06 %ACL-6-VACLLOG:VLAN 1(Port 2/2) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 1 packets
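
The following Python example is added here and is not part of the Cisco guide. It parses %ACL-6-VACLLOG messages in the layout shown above, rejoins messages that were wrapped after "->", and totals denied packets and ingress ports per flow; the sample input and function names are constructed, and it assumes every message follows the layout of the three shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample input in the format shown above; first message is wrapped.
SAMPLE = """\
2000 Jul 19 01:14:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) ->
255.255.255.255(3000), 1 packet
2000 Jul 19 01:19:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 7 packets
2000 Jul 19 01:25:06 %ACL-6-VACLLOG:VLAN 1(Port 2/2) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 1 packets
2000 Jul 19 01:26:00 %SYS-5-EXAMPLE:constructed unrelated message
"""

# Assumption: every message has the layout of the three shown on this page.
VACLLOG = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d\d:\d\d:\d\d) %ACL-6-VACLLOG:"
    r"VLAN (?P<vlan>\d+)\(Port (?P<port>[\d/]+)\) denied ip (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?$"
)

def unwrap(text):
    """Rejoin messages that were wrapped onto a second line after '->'."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if out and out[-1].endswith("->"):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def parse(text):
    """Return one dict per VACLLOG message; other syslog lines are skipped."""
    records = []
    for m in filter(None, map(VACLLOG.match, unwrap(text))):
        records.append({**m.groupdict(), "count": int(m["count"])})
    return records

def summarize(records):
    """Total denied packets and ingress ports per flow on each VLAN."""
    flows = defaultdict(lambda: {"packets": 0, "ports": set()})
    for r in records:
        f = flows[r["vlan"], r["proto"], r["src"], r["sport"], r["dst"], r["dport"]]
        f["packets"] += r["count"]
        f["ports"].add(r["port"])
    return dict(flows)

if __name__ == "__main__":
    for flow, stats in summarize(parse(SAMPLE)).items():
        print(flow, stats["packets"], sorted(stats["ports"]))
```

A flow whose port set has more than one entry, as in the sample, is the same denied source arriving on different switch ports and is worth a closer look.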