Cisco Systems OL-6244-01 Switch User Manual


Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl map
If per-VLAN statistics are enabled on a VLAN, subsequent maps configured on the same VLAN will
also have per-VLAN statistics enabled. If per-VLAN statistics are disabled on a VLAN, previous maps
configured on the same VLAN will also have per-VLAN statistics disabled.
For example, if you enter the set security acl map ip1 1 statistics enable command followed by the set
security acl map mac1 1 command, the mac1 ACL will also have per-VLAN statistics enabled.
If you enter the set security acl map ip1 1 statistics enable command followed by the set security acl
map mac1 1 statistics disable command, the ip1 ACL will also have per-VLAN statistics disabled.
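
The inheritance rule above makes it easy to lose hit statistics on one ACL by remapping another. The following Python sketch is an added example, not part of the Cisco manual: it replays `set security acl map` lines from a saved configuration and reports the resulting per-VLAN statistics state for each mapped ACL. The function name, the sample lines, and the assumption that the switch accepted every command are illustrative.

```python
import re

# Matches the VLAN forms shown on this page:
#   set security acl map <acl> <vlan> [statistics enable|disable]
MAP_RE = re.compile(
    r"^set security acl map (\S+) (\d+)(?: statistics (enable|disable))?$")

def effective_statistics(config_lines):
    """Replay map commands; return ({vlan: {acl: state}}, warnings)."""
    vlan_state = {}   # vlan -> True/False from the last explicit keyword
    vlan_acls = {}    # vlan -> ACL names mapped to it, in order
    warnings = []
    for line in config_lines:
        m = MAP_RE.match(" ".join(line.split()))
        if not m:
            continue  # port maps (e.g. 3/1) and other commands are ignored
        acl, vlan, stats = m.group(1), int(m.group(2)), m.group(3)
        acls = vlan_acls.setdefault(vlan, [])
        if stats is not None:
            new = stats == "enable"
            old = vlan_state.get(vlan)
            others = [a for a in acls if a != acl]
            # An explicit keyword applies to every map on the VLAN.
            if others and old is not None and old != new:
                warnings.append(
                    f"vlan {vlan}: '{acl} statistics {stats}' also changes "
                    + ", ".join(others))
            vlan_state[vlan] = new
        if acl not in acls:
            acls.append(acl)
    # state is None when no command in the input set it for that VLAN.
    result = {v: {a: vlan_state.get(v) for a in acls}
              for v, acls in vlan_acls.items()}
    return result, warnings

# Constructed sample input, built from the command forms on this page.
SAMPLE = [
    "set security acl map ip1 1 statistics enable",
    "set security acl map mac1 1",
    "set security acl map ip2 2 statistics enable",
    "set security acl map mac2 2 statistics disable",
    "set security acl map ipacl1 3/1",
]

if __name__ == "__main__":
    states, notes = effective_statistics(SAMPLE)
    print(states)
    print(notes)
```
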
Note: In the per-VLAN mode, label sharing is disabled, resulting in more labels being used.
Note: With a PFC2, the counters report if a particular ACE was hit during a 300 ms window, but the counters
do not indicate how much traffic hit the entry. For example, if you have two flows where one flow is 1000
packets per second and the second flow is 10 packets per second, both flows return the same result on a
PFC2. The PFC3 and later PFCs do not have this limitation.
Examples
This example shows how to map an existing ACL to a VLAN:
Console> (enable) set security acl map IPACL1 1
ACL IPACL1 mapped to vlan 1
Console> (enable)
This example shows the output if you try to map an ACL that has not been committed:
Console> (enable) set security acl map IPACL1 1
Commit ACL IPACL1 before mapping.
Console> (enable)
This example shows the output if you try to map an ACL that is already mapped to a VLAN for the ACL
type (IP, IPX, or MAC):
Console> (enable) set security acl map IPACL2 1
Mapping for this type already exists for this VLAN.
Console> (enable)
This example shows how to map an ACL to a port:
Console> (enable) set security acl map ipacl1 3/1
Mapping in progress.
ACL ipacl1 is successfully mapped to port(s) 3/1.
Console> (enable)
This example shows how to enable ACL statistics on a per-VLAN basis:
Console> (enable) set security acl map ACL1 1 statistics enable
Mapping in progress.
ACL ACL1 successfully mapped to VLAN 1.
Console> (enable)