Chapter 37 Configuring the IP Permit List; Understanding How the IP Permit List Works - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Chapter 37
Configuring the IP Permit List
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7 (OL-8978-04)

This chapter describes how to configure the IP permit list on the Catalyst 6500 series switches.

Note
The functionality of the IP permit list can also be achieved with VLAN access control lists (VACLs). Because VACLs are handled by the hardware (Policy Feature Card [PFC]), VACL processing is faster than IP permit list processing.

Note
For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

This chapter consists of these sections:
• Understanding How the IP Permit List Works
• IP Permit List Default Configuration
• Configuring the IP Permit List on the Switch

Understanding How the IP Permit List Works

The IP permit list prevents inbound Telnet and SNMP access to the switch from unauthorized source IP addresses. All other TCP/IP services (such as IP traceroute and IP ping) continue to work normally when you enable the IP permit list. Outbound Telnet, TFTP, and other IP-based services are unaffected by the IP permit list.

Telnet attempts from unauthorized source IP addresses are denied a connection. SNMP requests from unauthorized IP addresses receive no response; the request times out. If you want to log unauthorized access attempts to the console or a syslog server, you must change the logging severity level for IP, as described in the "Enabling the IP Permit List" section on page 37-3. If you want to generate SNMP traps when unauthorized access attempts are made, you must enable the IP permit list (ippermit) SNMP traps, as described in the "Enabling the IP Permit List" section on page 37-3. Multiple access attempts from the same unauthorized host only trigger notifications every 10 minutes.

You can configure up to 100 entries in the permit list. Each entry consists of an IP address and subnet mask pair in dotted decimal format and information on whether the IP address is part of the SNMP permit list, the Telnet permit list, or both lists. The bits that are set to one in the mask are checked for a match with the source IP address of incoming packets, while the bits that are set to zero are not checked. This process allows you to specify a wildcard address.
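The matching rules described above can be modeled offline to audit a planned permit list before it is entered on the switch. The following Python sketch is an added example, not Cisco code: the class, function names, and sample addresses are hypothetical, and it assumes the 10-minute notification interval is tracked per denied source address.

```python
import ipaddress

MAX_ENTRIES = 100      # limit stated in the text
NOTIFY_INTERVAL = 600  # seconds: one notification per denied host per 10 minutes

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def addresses_matched(mask):  # number of source addresses one entry permits
    return 2 ** (32 - bin(to_int(mask)).count("1"))

class PermitList:
    """Model of the matching rules in the text (added example, not switch code)."""

    def __init__(self):
        self.entries = []        # (address, mask, services)
        self.last_notified = {}  # denied source -> time of last notification

    def add(self, address, mask, services=("telnet", "snmp")):
        if len(self.entries) >= MAX_ENTRIES:
            raise ValueError("permit list already holds 100 entries")
        if not set(services) <= {"telnet", "snmp"}:
            raise ValueError("an entry applies to telnet, snmp, or both")
        self.entries.append((to_int(address), to_int(mask), frozenset(services)))

    def permits(self, source, service):
        src = to_int(source)
        # Mask bits set to one are compared; bits set to zero are not checked.
        return any(service in svcs and (src & mask) == (addr & mask)
                   for addr, mask, svcs in self.entries)

    def check(self, source, service, now):
        """Return (allowed, notify) for one inbound Telnet or SNMP attempt."""
        if self.permits(source, service):
            return True, False
        last = self.last_notified.get(source)
        notify = last is None or now - last >= NOTIFY_INTERVAL
        if notify:
            self.last_notified[source] = now
        return False, notify

def demo():
    pl = PermitList()  # entries and sources below are constructed samples
    pl.add("192.0.2.10", "255.255.255.255", ("telnet",))  # single admin host
    pl.add("198.51.100.7", "255.255.255.0", ("snmp",))    # host bits ignored: whole /24
    attempts = [("192.0.2.10", "telnet", 0), ("192.0.2.10", "snmp", 0),
                ("198.51.100.200", "snmp", 5), ("203.0.113.9", "telnet", 10),
                ("203.0.113.9", "telnet", 300), ("203.0.113.9", "telnet", 610)]
    return [pl.check(*a) for a in attempts]
```

The second sample entry shows the audit point: a host address entered with a 255.255.255.0 mask permits all 256 addresses in that range, so a single-host entry needs a mask of 255.255.255.255.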


This manual is also suitable for:

Catalyst 6506, Catalyst 6509, Catalyst 6513
