Cisco Systems 4500 Switch User Manual


47-40
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 47 Configuring Network Security with ACLs
Configuring PACLs
Applying ACLs to a Layer 2 Interface
To apply IPv4, IPv6, and MAC ACLs to a Layer 2 interface, perform one of these tasks:

Command                                                       Purpose
Switch(config-if)# ip access-group ip-acl {in | out}          Applies an IPv4 ACL to the Layer 2 interface.
Switch(config-if)# ipv6 traffic-filter ipv6-acl {in | out}    Applies an IPv6 ACL to the Layer 2 interface.
Switch(config-if)# mac access-group mac-acl {in | out}        Applies a MAC ACL to the Layer 2 interface.

Note: Supervisor Engines III and Supervisor Engine IV running on a Catalyst 4500 series switch support both input and output PACLs on an interface.

This example applies the extended named IP ACL simple-ip-acl to interface FastEthernet 6/1 ingress traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# ip access-group simple-ip-acl in

This example applies the IPv6 ACL simple-ipv6-acl to interface FastEthernet 6/1 ingress traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# ipv6 traffic-filter simple-ipv6-acl in

This example applies the extended named MAC ACL simple-mac-acl to interface FastEthernet 6/1 egress traffic:
Switch# configure terminal
Switch(config)# interface fast 6/1
Switch(config-if)# mac access-group simple-mac-acl out

Displaying an ACL Configuration on a Layer 2 Interface
To display information about an ACL configuration on Layer 2 interfaces, perform one of these tasks:

Command                                                       Purpose
Switch# show ip interface [interface-name]                    Shows the IP access group configuration on the interface.
Switch# show mac access-group interface [interface-name]      Shows the MAC access group configuration on the interface.
Switch# show access-group mode interface [interface-name]     Shows the access group mode configuration on the interface.

This example shows that the IP access group simple-ip-acl is configured on the inbound direction of interface fa6/1:
Switch# show ip interface fast 6/1
FastEthernet6/1 is up, line protocol is up
Inbound access list is simple-ip-acl
Outgoing access list is not set
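
The following Python check is an added example, not part of the Cisco guide: it parses show ip interface output in the format shown on this page and reports interfaces whose IPv4 access list differs from an expected policy. The FastEthernet6/2 block, the POLICY table and the function names are assumptions made for illustration.

```python
import re

# Interface header, e.g. "FastEthernet6/1 is up, line protocol is up"
HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down), line protocol is (?:up|down)")
# ACL lines in the format shown on this page: "Inbound access list is simple-ip-acl"
ACL = re.compile(r"^\s*(Inbound|Outgoing)\s+access list is (.+?)\s*$")

def parse_show_ip_interface(text):
    """Return {interface: {"in": acl_or_None, "out": acl_or_None}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = result.setdefault(m.group(1), {"in": None, "out": None})
            continue
        m = ACL.match(line)
        if m and current is not None:
            direction = "in" if m.group(1) == "Inbound" else "out"
            name = m.group(2)
            current[direction] = None if name == "not set" else name
    return result

def audit(text, required):
    """Return findings (interface, direction, expected, actual) for each policy mismatch."""
    state = parse_show_ip_interface(text)
    findings = []
    for intf, want in required.items():
        # An interface missing from the output counts as having no ACL applied.
        have = state.get(intf, {"in": None, "out": None})
        for direction, expected in want.items():
            if have.get(direction) != expected:
                findings.append((intf, direction, expected, have.get(direction)))
    return findings

# Constructed sample: the first block is the output shown above, the second is made up.
SAMPLE = """\
FastEthernet6/1 is up, line protocol is up
  Inbound access list is simple-ip-acl
  Outgoing access list is not set
FastEthernet6/2 is up, line protocol is up
  Inbound access list is not set
  Outgoing access list is not set
"""
# Hypothetical policy: both ports must carry simple-ip-acl on ingress.
POLICY = {f"FastEthernet6/{n}": {"in": "simple-ip-acl"} for n in (1, 2)}

if __name__ == "__main__":
    for intf, direction, want, have in audit(SAMPLE, POLICY):
        print(f"{intf}: {direction} ACL expected {want!r}, found {have!r}")
```
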