
Cisco WS-C6506 User Manual

Cisco WS-C6506
1488 pages
15-60
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring VACLs
Step 4 Enter the set security acl ip acl_name deny log command to create an IP VACL and enable logging.
Step 5 Enter the commit security acl acl_name command to commit the VACL to NVRAM.
Step 6 Enter the set security acl map acl_name vlan command to map the VACL to a VLAN.
Configuration Examples
This example shows how to set the logging level:
Console> (enable) set logging level acl 6
System logging facility <acl> for this session set to severity 6(information)
This example shows how to allocate a new log table that is based on the maximum flow:
Console> (enable) set security acl log maxflow 512
Set VACL Log table to 512 flow patterns.
This example shows how to set the redirect rate:
Console> (enable) set security acl log ratelimit 1000
Max logging eligible packet rate set to 1000pps.
This example shows how to display the VACL log configuration:
Console> (enable) show security acl log config
VACL LOG Configration
-------------------------------------------------------------
Max Flow Pattern : 512
Max Logging Eligible rate (pps) : 1000
This example shows how to create an ACE for my_cap and specify that the denied traffic is logged:
Console> (enable) set security acl ip my_cap deny ip host 21.0.0.1 log
my_cap editbuffer modified. Use ’commit’ command to apply changes.
Console> (enable)
This example shows how to commit the my_cap ACL to NVRAM:
Console> (enable) commit security acl my_cap
ACL commit in progress.
ACL my_cap successfully committed.
Console> (enable)
This example shows how to map the VACL to a VLAN:
Console> (enable) set security acl map my_cap 1
Mapping in progress.
ACL my_cap successfully mapped to VLAN 1.
:
:
2000 Jul 19 01:14:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 1 packet
2000 Jul 19 01:19:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 7 packets
2000 Jul 19 01:25:06 %ACL-6-VACLLOG:VLAN 1(Port 2/2) denied ip tcp 21.0.0.1(2000) -> 255.255.255.255(3000), 1 packets
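
The %ACL-6-VACLLOG messages above can be aggregated per denied flow on a syslog collector. The following Python sketch is an added example, not part of the Cisco guide; the field layout is inferred from the three sample messages only, and the function names and the embedded sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three messages shown above, each wrapped after "->"
# the way console captures and paginated output often are.
SAMPLE = """\
2000 Jul 19 01:14:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) ->
255.255.255.255(3000), 1 packet
2000 Jul 19 01:19:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) ->
255.255.255.255(3000), 7 packets
2000 Jul 19 01:25:06 %ACL-6-VACLLOG:VLAN 1(Port 2/2) denied ip tcp 21.0.0.1(2000) ->
255.255.255.255(3000), 1 packets
"""

# Layout inferred from the sample messages (an assumption, not a published
# grammar). Port numbers in parentheses are treated as optional.
VACLLOG = re.compile(
    r"(?P<ts>\d{4} \w{3} +\d{1,2} \d\d:\d\d:\d\d) %ACL-6-VACLLOG:"
    r"VLAN (?P<vlan>\d+)\(Port (?P<port>\d+/\d+)\) denied ip (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)

def parse(text):
    """Return one dict per VACLLOG message; lines that do not match are skipped."""
    text = re.sub(r"->\s*\n\s*", "-> ", text)  # rejoin messages wrapped after "->"
    events = []
    for m in VACLLOG.finditer(text):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y %b %d %H:%M:%S")
        e["count"] = int(e["count"])
        events.append(e)
    return events

def summarize(events):
    """Total denied packets per flow and the switch ports each flow arrived on."""
    flows = defaultdict(lambda: {"packets": 0, "ports": set(), "last": None})
    for e in events:
        key = (e["vlan"], e["proto"], e["src"], e["sport"], e["dst"], e["dport"])
        f = flows[key]
        f["packets"] += e["count"]
        f["ports"].add(e["port"])
        f["last"] = max(f["last"] or e["ts"], e["ts"])
    return dict(flows)

if __name__ == "__main__":
    for key, f in summarize(parse(SAMPLE)).items():
        print(key, f["packets"], sorted(f["ports"]), f["last"])
```

Run over the sample, the summary collapses the three messages into one flow and shows that the same source address was denied on both Port 2/1 and Port 2/2.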
