Configuring ACLs - Cisco 500 Series Administration Manual

- 06-Jun-2013 09:49:56 %3SWCOS-I-LOGDENYMAC: gi0/1: deny ACE 00:00:00:00:00:01 -> ff:ff:ff:ff:ff:ff, Ethertype-2054, VLAN-20, CoS-4, trapped

For an IP packet (v4 and v6):
- 06-Jun-2013 12:38:53 %3SWCOS-I-LOGDENYINET: gi0/1: deny ACE IPv4(255) 1.1.1.1 -> 1.1.1.10, protocol-1, DSCP-54, ICMP Type-Echo Reply, ICMP code-5 , trapped

For an L4 packet:
- 06-Jun-2013 09:53:46 %3SWCOS-I-LOGDENYINETPORTS: gi0/1: deny ACE IPv4(TCP) 1.1.1.1(55) -> 1.1.1.10(66), trapped
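
Added example (not from the Cisco guide): a Python parser for the three deny-ACE SYSLOG formats shown above, which turns each message into fields and counts denied packets per interface and source. The field layout is inferred only from those three sample messages; the names parse_deny and top_denied_sources are hypothetical, and SAMPLE_LOG is constructed from the samples with wrapped lines rejoined.

```python
import re
from collections import Counter

# Constructed sample: the three messages above, each joined onto one line.
SAMPLE_LOG = """\
06-Jun-2013 09:49:56 %3SWCOS-I-LOGDENYMAC: gi0/1: deny ACE 00:00:00:00:00:01 -> ff:ff:ff:ff:ff:ff, Ethertype-2054, VLAN-20, CoS-4, trapped
06-Jun-2013 12:38:53 %3SWCOS-I-LOGDENYINET: gi0/1: deny ACE IPv4(255) 1.1.1.1 -> 1.1.1.10, protocol-1, DSCP-54, ICMP Type-Echo Reply, ICMP code-5 , trapped
06-Jun-2013 09:53:46 %3SWCOS-I-LOGDENYINETPORTS: gi0/1: deny ACE IPv4(TCP) 1.1.1.1(55) -> 1.1.1.10(66), trapped
"""

HEADER = re.compile(
    r"^(?P<time>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"%3SWCOS-I-(?P<kind>LOGDENY(?:MAC|INETPORTS|INET)): "
    r"(?P<iface>\S+): deny ACE (?P<body>.+)$"
)
# An address, optionally followed by "(port)" as in the L4 message.
ENDPOINT = re.compile(r"^(?P<addr>[^\s()]+)(?:\((?P<port>\d+)\))?$")


def parse_deny(line):
    """Parse one deny-ACE SYSLOG line into a dict; return None if it does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"time": m["time"], "kind": m["kind"], "iface": m["iface"]}
    flow, *rest = [f.strip() for f in m["body"].split(",")]
    if rec["kind"] != "LOGDENYMAC":
        # IP messages prefix the flow with e.g. "IPv4(255)" or "IPv4(TCP)".
        rec["family"], _, flow = flow.partition(" ")
    src, sep, dst = flow.partition("->")
    ends = [ENDPOINT.match(e.strip()) for e in (src, dst)]
    if not sep or None in ends:
        return None
    for name, e in zip(("src", "dst"), ends):
        rec[name] = e["addr"]
        rec[name + "_port"] = int(e["port"]) if e["port"] else None
    # Remaining fields are "Key-Value" pairs or bare flags such as "trapped".
    rec["attrs"] = dict(f.split("-", 1) for f in rest if "-" in f)
    rec["flags"] = [f for f in rest if "-" not in f]
    return rec


def top_denied_sources(text):
    """Count denied packets per (interface, source address) in a log excerpt."""
    records = filter(None, map(parse_deny, text.splitlines()))
    return Counter((r["iface"], r["src"]) for r in records)

if __name__ == "__main__":
    print(top_denied_sources(SAMPLE_LOG).most_common())
```

Lines that are not deny-ACE messages are skipped, so the counter can be run over a mixed SYSLOG export.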

Configuring ACLs

This section describes how to create ACLs and add rules (ACEs) to them.

Creating ACLs Workflow

To create ACLs and associate them with an interface, perform the following:

1. Create one or more of the following types of ACLs:
   a. MAC-based ACL by using the MAC Based ACL page and the MAC Based ACE page
   b. IP-based ACL by using the IPv4 Based ACL page and the IPv4 Based ACE page
   c. IPv6-based ACL by using the IPv6 Based ACL page and the IPv6 Based ACE page
2. Associate the ACL with interfaces by using the ACL Binding page.

Modifying ACLs Workflow

An ACL can only be modified if it is not in use. The following describes the process of unbinding an ACL in order to modify it:

1. If the ACL does not belong to a QoS Advanced Mode class map, but it has been associated with an interface, unbind it from the interface using the ACL Binding page.
2. If the ACL is part of the class map and not bound to an interface, then it can be modified.

Cisco 500 Series Stackable Managed Switch Administration Guide
Access Control
Access Control Lists
