
Cisco WS-C6506 User Manual

15-116
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Downloadable ACLs
Step 5 Display the PBF configuration commands.
Console> (enable) show run
<SNIP> Unrelated configuration information cut out
!
#security ACLs
clear security acl all
#pbf set
set pbf mac 00-0d-65-35-ed-83
#set pbf client
set pbf client CLIENT-TEST 10.0.0.10 00-00-11-11-22-22 10
#set pbf gw
set pbf gw GATEWAY-TEST 10.0.0.100 255.255.255.0 11-11-22-22-33-03 3
#set pbf-map
set pbf-map CLIENT-TEST GATEWAY-TEST
#
commit security acl all
!
<SNIP> Unrelated configuration information cut out
Console> (enable)
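Added example (not part of the Cisco guide): a Python audit of saved show run text that cross-checks the PBF entries displayed in Step 5. It flags pbf-map lines that name an undefined client or gateway, malformed MAC or IP values, and entries that are never mapped. The field order noted in the comments is inferred from the sample output above, and the GATEWAY-OLD line is constructed for the demonstration.

```python
import ipaddress
import re

# Constructed sample: PBF lines from the "show run" output plus one dangling map.
SAMPLE = """\
set pbf client CLIENT-TEST 10.0.0.10 00-00-11-11-22-22 10
set pbf gw GATEWAY-TEST 10.0.0.100 255.255.255.0 11-11-22-22-33-03 3
set pbf-map CLIENT-TEST GATEWAY-TEST
set pbf-map CLIENT-TEST GATEWAY-OLD
"""
MAC_RE = re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}", re.I)


def parse_pbf(config):
    """Collect PBF clients, gateways and maps from saved 'show run' text."""
    pbf = {"clients": {}, "gateways": {}, "maps": []}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["set", "pbf", "client"] and len(tok) == 7:
            # Assumed field order: name, IP address, MAC address, VLAN
            pbf["clients"][tok[3]] = {"ip": tok[4], "mac": tok[5], "vlan": tok[6]}
        elif tok[:3] == ["set", "pbf", "gw"] and len(tok) == 8:
            # Assumed field order: name, IP address, mask, MAC address, VLAN
            pbf["gateways"][tok[3]] = {"ip": tok[4], "mac": tok[6], "vlan": tok[7]}
        elif tok[:2] == ["set", "pbf-map"] and len(tok) == 4:
            pbf["maps"].append((tok[2], tok[3]))
    return pbf


def audit_pbf(pbf):
    """Return findings: malformed entries, dangling maps, unmapped entries."""
    findings = []
    for idx, kind in enumerate(("clients", "gateways")):
        used = {m[idx] for m in pbf["maps"]}  # names referenced by pbf-map
        for name, entry in pbf[kind].items():
            if not MAC_RE.fullmatch(entry["mac"]):
                findings.append(f"{name}: malformed MAC {entry['mac']}")
            try:
                ipaddress.ip_address(entry["ip"])
            except ValueError:
                findings.append(f"{name}: malformed IP {entry['ip']}")
            if name not in used:
                findings.append(f"{name}: defined but not in any pbf-map")
        for name in sorted(used - set(pbf[kind])):
            findings.append(f"pbf-map references undefined {kind[:-1]} {name}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_pbf(parse_pbf(SAMPLE))))
```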
Downloadable ACLs
Downloadable ACLs are a set of ACEs that are configured on a RADIUS server. Downloadable ACLs
are downloaded during authentication of a NAC feature such as Dot1x, mac-auth, LPIP, or web-auth.
Downloadable ACLs are a port-based feature. You will need to configure the security ACL so that it is
port based and map an ACL with an include keyword to the port. Do not reconfigure the security ACL
with the include keyword once it has been mapped to the port. Make sure to clear the security ACL with
the include keyword if you make any modifications.
Once authentication is successful, a downloaded ACL is initiated with DHCP snooping, ARP inspection,
or static DHCP bindings. The set of downloaded ACEs is recommitted as system-generated
ACLs along with the ACLs that were mapped to the port. For example, an ACL that was mapped to a port
and a downloaded ACL are remapped to the port at runtime. The downloaded ACLs are placed in the
include downloaded-acl feature ACE.
The following sections describe how to configure and display information about downloaded ACLs.
Downloadable ACLs can only be mapped to ports with a port-based security ACL mode.
Note: Downloadable ACLs are only supported on switches that feature a Supervisor Engine 720 or
Supervisor Engine 32.
Note: DNS hostnames are supported in the ACEs of downloadable ACLs from RADIUS servers. Make sure to
enable DNS.
Note: If your downloaded ACL is larger than 4 KB, enable IP reassembly by using the set ip reassembly
enable command.
