Command or Action
Step 3
action drop log
Example:
Switch(config-access-map)# action
drop log
Step 4
exit
Example:
Switch(config-access-map)# exit
Step 5
vlan access-log {maxflow max_number
| threshold pkt_count}
Example:
Switch(config)# vlan access-log
threshold 4000
Step 6
end
Example:
Switch(config)# end
Configuration Examples for ACLs and VLAN Maps
Example: Creating an ACL and a VLAN Map to Deny a Packet
This example shows how to create an ACL and a VLAN map to deny a packet. In the first map, any packets
that match the ip1 ACL (TCP packets) would be dropped. You first create the ip1 ACL to permit any TCP
Purpose
Specifying the map name and optionally a number enters the access-map
configuration mode.
Sets the VLAN access map to drop and log IP packets.
Exits the VLAN access map configuration mode and return to the global
configuration mode.
Configures the VACL logging parameters.
• maxflow max_number—Sets the log table size. The content of the log
table can be deleted by setting the maxflow to 0. When the log table
is full, the software drops logged packets from new flows.
The range is from 0 to 2048. The default is 500.
• threshold pkt_count—Sets the logging threshold. A logging message
is generated if the threshold for a flow is reached before the 5-minute
interval.
The threshold range is from 0 to 2147483647. The default threshold is
0, which means that a syslog message is generated every 5 minutes.
Returns to privileged EXEC mode.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Configuration Examples for ACLs and VLAN Maps
1257