OL-11615-01
Switch(config)# access-list 101 permit udp any any
Switch(config)# ip access-list extended igmp-match
Switch(config-ext-nacl)# permit igmp any any
Switch(config-ext-nacl)# exit
Switch(config)# ip access-list extended tcp-match
Switch(config-ext-nacl)# permit tcp any any
Switch(config-ext-nacl)# exit
!
!--- Create VLAN map and define actions per map instance
Switch(config)# vlan access-map drop-ip-default 10
Switch(config-access-map)# match ip address 101
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan access-map drop-ip-default 20
Switch(config-access-map)# match ip address igmp-match
Switch(config-access-map)# action drop
Switch(config-access-map)# exit
Switch(config)# vlan access-map drop-ip-default 30
Switch(config-access-map)# match ip address tcp-match
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
!
!--- Apply VLAN map to actual VLAN
Switch(config)# vlan filter drop-ip-default vlan-list 110
In this next example, the VLAN map is configured to drop all packets (IP and non-IP) by default. With
access lists tcp-match and good-hosts applied, the VLAN map does the following:
- Forward all TCP packets
- Forward MAC packets from hosts 0000.0c00.0111 and 0000.0c00.0211
- Drop all other IP packets
- Drop all other MAC packets
Switch(config)# ip access-list extended tcp-match
Switch(config-ext-nacl)# permit tcp any any
Switch(config-ext-nacl)# exit
Switch(config)# mac access-list extended good-hosts
Switch(config-ext-macl)# permit host 0000.0c00.0111 any
Switch(config-ext-macl)# permit host 0000.0c00.0211 any
Switch(config-ext-macl)# exit
Switch(config)# vlan access-map drop-all-default 10
Switch(config-access-map)# match ip address tcp-match
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan access-map drop-all-default 20
Switch(config-access-map)# match mac address good-hosts
Switch(config-access-map)# action forward
Switch(config-access-map)# exit
Switch(config)# vlan filter drop-all-default vlan-list 110
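The forwarding decisions of the two VLAN maps above can be checked with a small model before a filter is applied to VLAN 110. This is an added example in Python, not Cisco code; it assumes that IP packets are tested only against "match ip address" clauses, that non-IP frames are tested only against "match mac address" clauses, and that an unmatched packet is dropped only when the map holds at least one clause for its type. The sample packets are constructed.

```python
# Simplified model of VLAN map evaluation (added example, not Cisco code).
# Assumption: a packet that matches no entry is dropped only if the map has
# at least one match clause for its type (IP or MAC); otherwise it is forwarded.

# ACLs from the page, reduced to predicates over a constructed packet dict.
ACLS = {
    "101":        lambda p: p.get("proto") == "udp",
    "igmp-match": lambda p: p.get("proto") == "igmp",
    "tcp-match":  lambda p: p.get("proto") == "tcp",
    "good-hosts": lambda p: p["src_mac"] in ("0000.0c00.0111", "0000.0c00.0211"),
}

# (sequence, match type, ACL name, action), as configured on the page.
DROP_IP_DEFAULT = [
    (10, "ip", "101", "forward"),
    (20, "ip", "igmp-match", "drop"),
    (30, "ip", "tcp-match", "forward"),
]
DROP_ALL_DEFAULT = [
    (10, "ip", "tcp-match", "forward"),
    (20, "mac", "good-hosts", "forward"),
]

def evaluate(vlan_map, packet):
    """Return 'forward' or 'drop' for one packet under the assumed rules."""
    ptype = "ip" if packet.get("proto") else "mac"  # non-IP frames hit MAC clauses
    for _seq, mtype, acl, action in sorted(vlan_map):
        if mtype == ptype and ACLS[acl](packet):
            return action  # first matching sequence decides
    has_clause = any(mtype == ptype for _s, mtype, _a, _act in vlan_map)
    return "drop" if has_clause else "forward"

# Constructed sample packets; proto None means a non-IP frame.
SAMPLES = {
    "tcp":               {"src_mac": "0000.0c00.0999", "proto": "tcp"},
    "udp":               {"src_mac": "0000.0c00.0999", "proto": "udp"},
    "igmp":              {"src_mac": "0000.0c00.0999", "proto": "igmp"},
    "icmp, good host":   {"src_mac": "0000.0c00.0111", "proto": "icmp"},
    "non-IP, good host": {"src_mac": "0000.0c00.0111", "proto": None},
    "non-IP, other":     {"src_mac": "0000.0c00.0999", "proto": None},
}

if __name__ == "__main__":
    for name, vmap in (("drop-ip-default", DROP_IP_DEFAULT),
                       ("drop-all-default", DROP_ALL_DEFAULT)):
        for label, pkt in SAMPLES.items():
            print(f"{name:17} {label:18} {evaluate(vmap, pkt)}")
```

In this model an IP packet from a good-hosts MAC address is still dropped by drop-all-default unless it is TCP, because the MAC access list is never consulted for IP traffic.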
For more information on how to configure VACLs on Catalyst 6500 running Cisco IOS, refer to the
following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/vacl.htm
For more information on how to configure VACLs on Catalyst 4500 running Cisco IOS, refer to the
following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/conf/secure.htm