Cisco Catalyst 4500 Series Configuration Manual page 1217

Configuring Network Security with ACLs
This chapter describes how to use access control lists (ACLs) to configure network security on the
Catalyst 4500 series switches.
Note The Catalyst 4500 series switch supports time-based ACLs.
This chapter consists of the following major sections:
• About ACLs, page 51-2
• Hardware and Software ACL Support, page 51-6
• Troubleshooting High CPU Due to ACLs, page 51-6
• TCAM Programming and ACLs, page 51-10
• Layer 4 Operators in ACLs, page 51-10
• Configuring Unicast MAC Address Filtering, page 51-13
Configuring Named MAC Extended ACLs, page 51-14
•
Configuring EtherType Matching, page 51-15
•
Configuring Named IPv6 ACLs, page 51-16
•
Applying IPv6 ACLs to Layer 2 and 3 Interface, page 51-17
•
Configuring VLAN Maps, page 51-17
•
Displaying VLAN Access Map Information, page 51-24
•
• Using VLAN Maps with Router ACLs, page 51-25
• Configuring PACLs, page 51-27
• Using PACL with VLAN Maps and Router ACLs, page 51-32
• Configuring RA Guard, page 51-35
Note For complete syntax and usage information for the switch commands used in this chapter, first look at
the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in
the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this
location:
http://www.cisco.com/en/US/products/ps6350/index.html
OL-25340-01
C H A P T E R
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
51
51-1