Table of Contents
Advertisement
Configuring VACLs
To configure a capture port, perform this task:
Command
Step 1
Router(config)# interface {{type
Step 2
Router(config-if)# switchport capture allowed
vlan {add | all | except | remove} vlan_list
Router(config-if)# no switchport capture allowed
vlan
Step 3
Router(config-if)# switchport capture
Router(config-if)# no switchport capture
1.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When configuring a capture port, note the following information:
•
•
•
•
•
This example shows how to configure a Fast Ethernet interface 5/1 as a capture port:
Router(config)# interface gigabitEthernet 5/1
Router(config-if)# switchport capture
Router(config-if)# end
This example shows how to display VLAN access map information:
Router# show vlan access-map mordred
Vlan access-map "mordred"
Router#
This example shows how to display mappings between VACLs and VLANs. For each VACL map, there
is information about the VLANs that the map is configured on and the VLANs that the map is active on.
A VACL is not active if the VLAN does not have an interface.
Router# show vlan filter
VLAN Map mordred:
Router#
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
32-10
1
slot/port}
You can configure any port as a capture port.
The vlan_list parameter can be a single VLAN ID or a comma-separated list of VLAN IDs or VLAN
ID ranges (vlan_ID–vlan_ID).
To encapsulate captured traffic, configure the capture port with the switchport trunk
encapsulation command (see the
page
8-8) before you enter the switchport capture command.
For unencapsulated captured traffic, configure the capture port with the switchport mode access
command (see the
"Configuring a LAN Interface as a Layer 2 Access Port" section on page
before you enter the switchport capture command.
The capture port supports only egress traffic. No traffic can enter the switch through a capture port.
match: ip address net_10
action: forward capture
Configured on VLANs:
Active on VLANs:
Purpose
Specifies the interface to configure.
(Optional) Filters the captured traffic on a
per-destination-VLAN basis. The default is all.
Clears the configured destination VLAN list and returns
to the default value (all).
Configures the port to capture VACL-filtered traffic.
Disables the capture function on the interface.
"Configuring a Layer 2 Switching Port as a Trunk" section on
10
2,4-6
2,4-6
Chapter 32
Configuring VLAN ACLs
8-14)
OL-11439-03
- Quick Links:
- Product Overview
Hide quick links:
Advertisement
Table of Contents
Related Manuals for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
Related Products for Cisco WS-SUP32-GE-3B - Supervisor Engine 32
- Cisco WAN Modeling Tools
- Cisco WS-SUP720-3B - Supervisor Engine 720
- Cisco WS-SVC-AGM-1-K9= - Anomaly Guard Module
- Cisco WS-SVC-CMM-ACT-RF - Conferencing And Transcoding Port Adapter Voice DSP Module
- Cisco WS-SVC-ADM-1-K9= - Traffic Anomaly Detector Module
- Cisco WS-SVC-FWM-1-K9= - Firewall Service Module
- Cisco WS-SVC-IDS2-BUN-K9 - Intrusion Detection Sys Module 2
- Cisco WS-SVC-IPSEC-1= - IPSec VPN Services Module