Cisco WS-C6506 - Page 509

1488 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

15-113

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

OL-8978-04

Chapter 15 Configuring Access Control

Configuring Policy-Based Forwarding

Console> (enable)

The PBF client is now mapped to the PBF gateway as follows:

Console> (enable) show pbf client

Name : CLIENT-TEST

Map : GATEWAY-TEST,

VLAN : 10

Clients : 1

Adjacency ip mac

-------------------------------------------------

.c0000CLIENT-TEST 10.0.0.10 00-00-11-11-22-22

Console> (enable)

The PBF gateway is now mapped to the PBF client as follows:

Console> (enable) show pbf gw

Name : GATEWAY-TEST

Map : CLIENT-TEST,

VLAN : 1

Gateways : 1

Adjacency ip mask mac

----------------------------------------------------------------

.g0001GATEWAY-TEST 10.0.0.100 255.255.255.0 11-11-22-22-33-33

Console> (enable)

The PBF map has been built as follows:

Console> (enable) show pbf-map

PBF MAP

Clients Gateways

---------------------------------------------

CLIENT-TEST GATEWAY-TEST

Console> (enable)

The set pbf-map macro command has created security ACL IP lists and security ACL map lists for the

PBF client and PBF gateway, but the macro command (set pbf-map CLIENT-TEST

GATEWAY-TEST) that created these security ACLs does not appear in the following configuration:

Console> (enable) show run

<SNIP> Unrelated configuration information cut out

!

#security ACLs

clear security acl all

#pbf set

set pbf mac 00-0d-65-36-1e-eb

#adj set

set security acl adjacency .c0000CLIENT-TEST 10 00-00-11-11-22-22 10.0.0.10

set security acl adjacency .g0001GATEWAY-TEST 1 11-11-22-22-33-33 10.0.0.100 23

#.cCLIENT-TEST

set security acl ip .cCLIENT-TEST permit arp

set security acl ip .cCLIENT-TEST permit arp-inspection any any

set security acl ip .cCLIENT-TEST redirect .g0001GATEWAY-TEST ip host 10.0.0.10

any

set security acl ip .cCLIENT-TEST permit ip any any

#.gGATEWAY-TEST

set security acl ip .gGATEWAY-TEST permit arp

set security acl ip .gGATEWAY-TEST redirect .c0000CLIENT-TEST ip any host 10.0.0

.10

set security acl ip .gGATEWAY-TEST permit ip any any

#

commit security acl all

set security acl map .cCLIENT-TEST 10

Table of Contents

Related product manuals

Preview: Cisco WS-C6509

Preview: Cisco WS-C2950-24

Cisco WS-C2950-24

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Cisco WS-C2940-8TT-S

Preview: Cisco WS-C3750-48PS-S

Cisco WS-C3750-48PS-S

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-C3560-48PS-S

Cisco WS-C3560-48PS-S

Preview: Cisco WS-C2960L-8TS-LL

Cisco WS-C2960L-8TS-LL

Preview: Cisco WS-C3560E-24PD-E

Cisco WS-C3560E-24PD-E

Cisco WS-C3750G-48PS-S

Preview: Cisco WS-C2960L-24TS-LL

Cisco WS-C2960L-24TS-LL

Preview: Cisco Catalyst WS-C3850-24T-L

Cisco Catalyst WS-C3850-24T-L