Cisco Systems OL-6244-01 Switch User Manual


2-631
Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ipx
If you use the capture keyword, the ports that capture the traffic and transmit out are specified by entering the set security acl capture-ports command.
When you enter the ACL name, follow these naming conventions:
- Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)
- Must start with an alpha character and must be unique across all ACLs of all types
- Case sensitive
- Cannot be a number
- Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), netbios (20), rip (1), sap (4), and spx (5).
The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network cable segments. When you specify the src_net or dest_net, use the following guidelines:
- It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks.
- You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
The dest_node is a 48-bit value represented by a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx).
The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask. The mask must be immediately followed by a period, which must in turn be immediately followed by the destination-node-mask. You can enter this value only when dest_node is specified.
The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers (xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when dest_node is specified.
The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network cable segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all networks. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA. Following are dest_net_mask examples:
- 123A
- 123A.1.2.3
- 123A.1.2.3 ffff.ffff.ffff
- 1.2.3.4 ffff.ffff.ffff.ffff
Use the show security acl command to display the list.
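As an added illustration (this code is not from the Cisco manual), the following Python encodes the rules stated above: it validates an ACL name against the naming conventions, parses the hexadecimal src_net/dest_net and dotted-triplet node values, and tests whether a destination matches an access control entry under the mask convention given here (a 1 bit marks a position to ignore). The function names and sample values are constructed for the example.

```python
import re

# Rules taken from the command description above; names and samples are constructed.
RESERVED_KEYWORDS = {"all", "default-action", "map", "help", "editbuffer"}
ACL_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,31}")  # alpha first, max 32 chars
NET_RE = re.compile(r"[0-9A-Fa-f]{1,8}")                   # leading zeros optional
HEX_GROUP_RE = re.compile(r"[0-9A-Fa-f]{1,4}")


def valid_acl_name(name: str) -> bool:
    """1-32 chars from a-z A-Z 0-9 - _ . with an alphabetic first character (so a
    bare number is rejected) and not a reserved keyword. Uniqueness across ACLs
    can only be checked by the switch itself."""
    return ACL_NAME_RE.fullmatch(name) is not None and name not in RESERVED_KEYWORDS


def parse_net(token: str):
    """IPX network number: up to 8 hex digits (0..FFFFFFFF).
    '-1' or 'any' matches all networks and is returned as None."""
    if token.lower() in ("-1", "any"):
        return None
    if NET_RE.fullmatch(token) is None:
        raise ValueError(f"bad IPX network number: {token!r}")
    return int(token, 16)


def parse_node(token: str) -> int:
    """48-bit IPX node address given as a dotted triplet of hex groups."""
    groups = token.split(".")
    if len(groups) != 3 or any(HEX_GROUP_RE.fullmatch(g) is None for g in groups):
        raise ValueError(f"bad IPX node address: {token!r}")
    return (int(groups[0], 16) << 32) | (int(groups[1], 16) << 16) | int(groups[2], 16)


def ipx_dest_matches(ace_net, ace_node, pkt_net, pkt_node, net_mask=0, node_mask=0):
    """Does a packet's destination (net, node) fall under an entry's destination?
    A 1 bit in a mask marks a position to ignore, so only the bits that are 0 in
    the mask must be equal. ace_net None means any network; ace_node None means
    any node."""
    if ace_net is not None and (ace_net ^ pkt_net) & (~net_mask & 0xFFFFFFFF):
        return False
    if ace_node is not None and (ace_node ^ pkt_node) & (~node_mask & 0xFFFFFFFFFFFF):
        return False
    return True


if __name__ == "__main__":
    # Constructed entry: network 123A, node 0001.0002.xxxx (last group masked out).
    ace_net, ace_node = parse_net("123A"), parse_node("0001.0002.0003")
    node_mask = parse_node("0000.0000.ffff")
    print(ipx_dest_matches(ace_net, ace_node, parse_net("123a"), parse_node("1.2.ffff"), 0, node_mask))
    print(ipx_dest_matches(ace_net, ace_node, parse_net("AA"), parse_node("1.2.3")))
```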
Examples
This example shows how to block traffic from a specified source IPX address:
Console> (enable) set security acl ipx IPXACL1 deny 1.a
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)
This example shows how to deny traffic from hosts in a specific subnet (10.1.2.0/8):
Console> (enable) set security acl ipx SERVER deny ip 10.1.2.0 0.0.0.255 host 10.1.1.100
IPXACL1 editbuffer modified. Use ‘commit’ command to apply changes.
Console> (enable)