Cisco WS-CBS3032-DEL Software Configuration Manual page 803


Chapter 35
Configuring Network Security with ACLs
Configuring VLAN Maps
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide, OL-13270-06, page 35-37

Beginning in privileged EXEC mode:

Step 1
  Command: configure terminal
  Purpose: Enter the global configuration mode.

Step 2
  Command: vlan access-map name [number]
  Purpose: Create a VLAN map. Give it a name and optionally a number. The number is the sequence number of the entry within the map.
    The sequence number range is from 0 to 65535.
    When you create VLAN maps with the same name, numbers are assigned sequentially in increments of 10. When modifying or deleting maps, you can enter the number of the map entry that you want to modify or delete.
    Specifying the map name and optionally a number enters the access-map configuration mode.

Step 3
  Command: action drop log
  Purpose: Set the VLAN access map to drop and log IP packets.

Step 4
  Command: exit
  Purpose: Exit the VLAN access map configuration mode and return to the global configuration mode.

Step 5
  Command: vlan access-log {maxflow max_number | threshold pkt_count}
  Purpose: Configure the VACL logging parameters.
    maxflow max_number—Set the log table size. The content of the log table can be deleted by setting the maxflow to 0. When the log table is full, the software drops logged packets from new flows.
    The range is from 0 to 2048. The default is 500.
    threshold pkt_count—Set the logging threshold. A logging message is generated if the threshold for a flow is reached before the 5-minute interval.
    The threshold range is from 0 to 2147483647. The default threshold is 0, which means that a syslog message is generated every 5 minutes.

Step 6
  Command: exit
  Purpose: Return to privileged EXEC mode.

Step 7
  Command: show vlan access-map
  Purpose: Verify your entries.

Step 8
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.

Use the no vlan access-map command with a sequence number to delete a map sequence. Use the no version of the command without a sequence number to delete the map.

This example shows how to configure a VLAN access map to drop and log IP packets. Here, IP traffic matching the permit entries in net_10 is dropped and logged.

  DomainMember(config)# vlan access-map ganymede 10
  DomainMember(config-access-map)# match ip address net_10
  DomainMember(config-access-map)# action drop log
  DomainMember(config-access-map)# exit

This example shows how to configure global VACL logging parameters:

  DomainMember(config)# vlan access-log maxflow 800
  DomainMember(config)# vlan access-log threshold 4000
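An added example, not part of the Cisco guide: a Python check that reads configuration text in the form shown in the examples above and reports VLAN map entries that drop without the log keyword, plus vlan access-log values outside the ranges stated in the procedure. The function name, the entry ganymede 20 and the ACL name net_20 are assumptions made for the sample input.

```python
import re

# (low, high, default) for each vlan access-log parameter, as stated on this page.
LIMITS = {"maxflow": (0, 2048, 500), "threshold": (0, 2147483647, 0)}

# Constructed sample: the page's entry 10 plus a hypothetical entry 20 (net_20 assumed).
SAMPLE = """\
DomainMember(config)# vlan access-map ganymede 10
DomainMember(config-access-map)# match ip address net_10
DomainMember(config-access-map)# action drop log
DomainMember(config-access-map)# exit
DomainMember(config)# vlan access-map ganymede 20
DomainMember(config-access-map)# match ip address net_20
DomainMember(config-access-map)# action drop
DomainMember(config-access-map)# exit
DomainMember(config)# vlan access-log maxflow 0
DomainMember(config)# vlan access-log threshold 4000
"""

def audit_vacl_logging(config):
    """Return findings about VACL drop/log settings found in config text."""
    findings, current, seen = [], None, {}
    for raw in config.splitlines():
        # Strip a CLI prompt such as "DomainMember(config-access-map)# " if present.
        line = re.sub(r"^\S+\(config[\w-]*\)#\s*", "", raw.strip())
        m = re.match(r"vlan access-map (\S+)(?: (\d+))?$", line)
        if m:  # start of a map entry; remember which one we are inside
            current = f"{m.group(1)} {m.group(2) or '(auto)'}"
            continue
        if line == "exit":
            current = None
            continue
        m = re.match(r"action drop( log)?$", line)
        if m and current:
            if not m.group(1):  # "action drop" with no "log" keyword
                findings.append(f"map {current}: drops without logging")
            continue
        m = re.match(r"vlan access-log (maxflow|threshold) (\d+)$", line)
        if m:
            seen[m.group(1)] = int(m.group(2))
    for key, (low, high, default) in LIMITS.items():
        value = seen.get(key, default)
        if not low <= value <= high:
            findings.append(f"{key} {value}: outside range {low}-{high}")
    if seen.get("maxflow") == 0:  # per the table, maxflow 0 deletes the log table content
        findings.append("maxflow 0: log table content is deleted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vacl_logging(SAMPLE)))
```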
