Cisco WS-C6506 Software Manual page 456

Catalyst 6500 series switch

Hide thumbs Also See for WS-C6506:

Manual (110 pages)

Installation manual (336 pages)

Table of Contents

Configuring VACLs

Enter the set security acl ip acl_name deny log command to create an IP VACL and enable logging.

Enter the commit security acl acl_name command to commit the VACL to NVRAM.

Enter the set security acl map acl_name vlan command to map the VACL to a VLAN.

Configuration Examples

This example shows how to set the logging level:

Console> (enable) set logging level acl 6

System logging facility <acl> for this session set to severity 6(information)

This example shows how to allocate a new log table that is based on the maximum flow:

Console> (enable) set security acl log maxflow 512

Set VACL Log table to 512 flow patterns.

This example shows how to set the redirect rate:

Console> (enable) set security acl log ratelimit 1000

Max logging eligible packet rate set to 1000pps.

This example shows how to display the VACL log configuration:

Console> (enable) show security acl log config

VACL LOG Configration

-------------------------------------------------------------

Max Flow Pattern

Max Logging Eligible rate (pps) : 1000

This example shows how to create an ACE for my_cap and specify that the denied traffic is logged:

Console> (enable) set security acl ip my_cap deny ip host 21.0.0.1 log

my_cap editbuffer modified. Use 'commit' command to apply changes.

Console> (enable)

This example shows how to commit the my_cap ACL to NVRAM:

Console> (enable) commit security acl my_cap

ACL commit in progress.

ACL my_cap successfully committed.

Console> (enable)

This example shows how to map the VACL to a VLAN:

Console> (enable) set security acl map my_cap 1

Mapping in progress.

ACL my_cap successfully mapped to VLAN 1.

2000 Jul 19 01:14:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) ->

255.255.255.255(3000), 1 packet

2000 Jul 19 01:19:06 %ACL-6-VACLLOG:VLAN 1(Port 2/1) denied ip tcp 21.0.0.1(2000) ->

255.255.255.255(3000), 7 packets

2000 Jul 19 01:25:06 %ACL-6-VACLLOG:VLAN 1(Port 2/2) denied ip tcp 21.0.0.1(2000) ->

255.255.255.255(3000), 1 packets

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

Configuring Access Control

Show Quick Links

Table of Contents

Troubleshooting

Catalyst 6506 Catalyst 6509 Catalyst 6513

Cisco WS-C6506 Software Manual page 456

Hide quick links:

Troubleshooting

Related Manuals for Cisco WS-C6506

Related Products for Cisco WS-C6506

This manual is also suitable for:

Table of Contents