Cisco WS-C6506 - Page 470

Cisco WS-C6506
1488 pages
15-74
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Configuring Port-Based ACLs
This example shows how to display PACL information for port 3/1:
Console> (enable) show port security-acl 3/1
Port  Interface Type Interface Type Interface Merge Status
      config         runtime        runtime
----- -------------- -------------- ----------------------
3/1   port-based     port-based     not applicable
Config:
Port  ACL name                         Type
----- -------------------------------- ----
3/1   ipacl1                           IP
Runtime:
Port  ACL name                         Type
----- -------------------------------- ----
No ACL is mapped to port 3/1.
dhcp-snooping:
Port  Trust       Source-Guard Source-Guarded IP Addresses
----- ----------- ------------ ---------------------------
3/1   untrusted   disabled
Console> (enable)
Mapping an ACL to Ports or to VLANs
An ACL may be mapped to a port even if the port is in VLAN-based mode. In such cases, the
configuration is committed to NVRAM and is later restored to the hardware when the port is changed to
port-based or merge mode. This functionality is similar to QoS.
Mapping an ACL to a VLAN causes the following operations to occur:
1. The ACL is mapped to the VLAN.
2. A merge is automatically triggered with all the constituent ports that are in merge mode.
If step 1 fails, the operation fails and a syslog message is generated. For step 2, a syslog message is generated for any
ports that failed to merge with the VACL. These ports are temporarily placed in VLAN-based mode. If
any ports fail to merge, the status of the merge displayed through the show port security-acl mod/port
command is “merge disabled.” For an example of the “merge disabled” status, see “Example 6” in the
“PACL Configuration Examples” section on page 15-76.
To map an ACL to a port or a VLAN, perform this task in privileged mode:
Task                             Command
-------------------------------- -------------------------------------------------
Map an ACL to a port or a VLAN.  set security acl map acl_name [mod/ports | vlans]
This example shows how to map an ACL to port 3/1:
Console> (enable) set security acl map ipacl1 3/1
Mapping in progress.
ACL ipacl1 is successfully mapped to port(s) 3/1.
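One way to check for the states described above from a script, as an added example that is not part of the Cisco guide: it parses the show port security-acl output for one port and reports a "merge disabled" status or an ACL that is configured but missing from the runtime mapping. The function names are hypothetical, the sample is the output shown above for port 3/1, and splitting fields on whitespace is an assumption.

```python
import re

# Constructed sample: the `show port security-acl 3/1` output shown on this page.
SAMPLE = """\
Port Interface Type Interface Type Interface Merge Status
config runtime runtime
----- -------------- -------------- ----------------------
3/1 port-based port-based not applicable
Config:
Port ACL name Type
----- -------------------------------- ----
3/1 ipacl1 IP
Runtime:
Port ACL name Type
----- -------------------------------- ----
No ACL is mapped to port 3/1.
dhcp-snooping:
Port Trust Source-Guard Source-Guarded IP Addresses
----- ----------- ------------ ---------------------------
3/1 untrusted disabled
"""

PORT_ROW = re.compile(r"^(\d+/\d+)\s+(.+)$")  # data rows start with mod/port

def parse_pacl(text):
    """Parse one port's output; fields are split on whitespace (an assumption)."""
    info, section = {"config": set(), "runtime": set()}, "status"
    for line in map(str.strip, text.splitlines()):
        if line in ("Config:", "Runtime:", "dhcp-snooping:"):
            section = line[:-1].lower()
            continue
        m = PORT_ROW.match(line)  # None for headers, rulers, "No ACL is mapped ..."
        if m and section == "status":
            cfg_mode, run_mode, *status = m.group(2).split()
            info.update(port=m.group(1), config_mode=cfg_mode,
                        runtime_mode=run_mode, merge_status=" ".join(status))
        elif m and section in ("config", "runtime"):
            info[section].add(m.group(2).split()[0])  # ACL name column
    return info

def audit(info):
    """Report where the state in hardware differs from the configured state."""
    port, findings = info.get("port", "?"), []
    if info.get("merge_status") == "merge disabled":
        findings.append(f"{port}: merge disabled, port fell back to VLAN-based mode")
    for acl in sorted(info["config"] - info["runtime"]):
        findings.append(f"{port}: ACL {acl} is configured but absent from the runtime mapping")
    return findings
```

Run against the sample, audit(parse_pacl(SAMPLE)) reports that ipacl1 is configured for 3/1 but not present in the runtime mapping, which is the state the display above shows.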