Enhancements To The Pbf Configuration (Software Releases 8.3(1) And Later) - Cisco WS-C6506 Software Manual

Chapter 15 Configuring Access Control
Clearing the PBF_MAP_ACL Configuration
To clear the PBF_MAP_ACL configuration, perform this task in normal mode:
Task
Clear the PBF_MAP_ACL
configuration.
This example shows how to clear all the ACLs and adjacency information that were created by the set
pbf-map command:
Console> (enable) clear pbf-map all
ACL 'PBF_MAP_ACL_11' successfully deleted.
Console> (enable)
ACL 'PBF_MAP_ACL_22' successfully deleted.
Console> (enable)
This example shows how to clear the ACL with the name PBF_MAP_ACL_VLAN_# and the adjacency
table that was used by that ACL:
Console> (enable) clear pbf-map vlan 11
ACL 'PBF_MAP_ACL_11' successfully deleted.
Console> (enable) Commit operation successful.
Console> (enable)
This example shows how to clear all the ACEs that were created by the set pbf-map command except
the permit ip any any ACE. The command removes the entries that enable the traffic between the hosts
with ip_addr_1 and ip_addr_2 on vlan_1 and vlan_2. If the entries were already deleted using the clear
security acl command, a message is displayed indicating that the specific entry was already cleared. The
actual entries that were deleted are two ACEs (redirect-to-adjacency ACEs) and two entries in the
adjacency table.
Console> (enable) clear pbf-map 1.1.1.1 0-0-0-0-0-1 11 2.2.2.2 0-0-0-0-0-2 22
ACL 'PBF_MAP_ACL_11' successfully committed.
Console> (enable)
ACL 'PBF_MAP_ACL_22' successfully committed.
Console> (enable)

Enhancements to the PBF Configuration (Software Releases 8.3(1) and Later)

This section describes how to configure PBF using two new configuration commands (set pbf client and
set pbf gw) that are available in software release 8.3(1) and later releases. The PBF enhancements that
are described in this section simplify the process of setting and committing the security ACLs and
adjacency information. The enhanced set pbf-map command creates the security ACLs and adjacency
information based on your input, commits them to the hardware, and maps them to the VLANs. As part
of creating the necessary VACLs to redirect the traffic from one VLAN to another, the ARP packets are
redirected to the software and the supervisor engine generates the ARP replies for the gateway/client
requests.
OL-8978-04
Command
clear pbf-map all | vlan vlan | ip_addr_1 mac_1 vlan_1
ip_addr_2 mac_2 vlan_2
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring Policy-Based Forwarding
15-105