Table of Contents
Advertisement
Configuring Port-Based ACLs
Config:
Port
----- -------------------------------- ----
3/1
Runtime:
Port
----- -------------------------------- ----
No ACL is mapped to port 3/1.
dhcp-snooping:
Port
----- -----------
3/1
Console> (enable) show security acl map runtime 1
Vlan ACL name
---- -------------------------------- ----
Console> (enable) show security acl map runtime 2
Vlan ACL name
---- -------------------------------- ----
Console> (enable)
Online Insertion and Removal
When you remove or reset a module, all the PACLs that are attached to the module are removed from the
run-time configuration (which is programmed in the hardware) and the NVRAM configuration (which
is stored in NVRAM). The configuration is retained in NVRAM but is not displayed. When you insert
or bring a module online, the configuration is repopulated from NVRAM (or text-configuration file) and
remapped in runtime.
Enabling or disabling a port has no impact on the ACL mapping or the security-ACL mode, unless the
port is in merge mode. In the merge mode, a port that is disabled or cleared from a VLAN is placed in
the "merge disable" state because the VLAN that is associated with the port is no longer available and
the port cannot forward the packets or merge with any VLAN.
Configuring PACLs from the CLI
These sections describe how to create and activate PACLs on the Catalyst 6500 series switches:
•
•
•
•
•
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
15-72
ACL name
ipacl1
ACL name
Trust
Source-Guard
------------
untrusted
disabled
1 ipacl2
2 ipacl3
Specifying the PACL Mode, page 15-73
Displaying PACL Information, page 15-73
Mapping an ACL to Ports or to VLANs, page 15-74
Displaying ACL Mapping Information, page 15-75
Displaying ACL Information for an EtherChannel, page 15-75
Type
IP
Type
Source-Guarded IP Addresses
---------------------------
Type
IP
Type
IP
Chapter 15
Configuring Access Control
OL-8978-04
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
