Chapter 35
Configuring Network Security with ACLs
This example shows how to merge and apply features other than PACL on the interface:
Switch# configure t
Switch(config)# interface interface
Switch(config-if)# access-group mode prefer port
This example shows how to merge applicable ACL features before they are programmed into hardware:
Switch# configure t
Switch(config)# interface interface
Switch(config-if)# access-group mode merge
Applying ACLs to a Layer 2 Interface
To apply IP and MAC ACLs to a Layer 2 interface, perform one of these tasks:

Command                                                   Purpose
Switch(config-if)# ip access-group ip-acl {in | out}      Applies an IP ACL to the Layer 2 interface.
Switch(config-if)# mac access-group mac-acl {in | out}    Applies a MAC ACL to the Layer 2 interface.

Note: Supervisor Engine III and Supervisor Engine IV running on a Catalyst 4500 series switch support both input and output PACLs on an interface.

This example applies the extended named IP ACL simple-ip-acl to interface FastEthernet 6/1 ingress traffic:
Switch# configure t
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# ip access-group simple-ip-acl in
This example applies the extended named MAC ACL simple-mac-acl to interface FastEthernet 6/1 egress traffic:
Switch# configure t
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# mac access-group simple-mac-acl out
Displaying an ACL Configuration on a Layer 2 Interface
To display information about an ACL configuration on Layer 2 interfaces, perform one of these tasks:

Command                                                        Purpose
Switch# show ip interface [interface-name]                     Shows the IP access group configuration on the interface.
Switch# show mac access-group interface [interface-name]       Shows the MAC access group configuration on the interface.
Switch# show access-group mode interface [interface-name]      Shows the access group mode configuration on the interface.

OL-6696-01
Software Configuration Guide—Release 12.2(25)EW
Configuring PACLs
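
The following Python script is an added example, not part of the Cisco guide: it audits a saved running-config for the PACL commands covered on this page (ip access-group, mac access-group, access-group mode) and flags interfaces with no PACL or with a PACL name that the config never defines. The sample config is constructed, the names audit_pacls and SAMPLE_CONFIG and the finding strings are hypothetical, and it assumes the running-config shows these commands as typed, indented by one space under each interface.

```python
import re

# Constructed sample running-config (assumption: not captured from a real switch).
SAMPLE_CONFIG = """\
ip access-list extended simple-ip-acl
 permit tcp any any eq 80
!
mac access-list extended simple-mac-acl
 permit host 0000.aaaa.bbbb any
!
interface FastEthernet6/1
 switchport
 access-group mode prefer port
 ip access-group simple-ip-acl in
 mac access-group simple-mac-acl out
!
interface FastEthernet6/2
 switchport
 ip access-group missing-acl in
!
interface FastEthernet6/3
 switchport
!
"""

def audit_pacls(config):
    """Return {interface: {"mode", "acls", "findings"}} for every interface stanza."""
    # Named ACLs defined in this config, keyed by (kind, name); numbered ACLs are not handled.
    defined = set(re.findall(r"^(ip|mac) access-list (?:standard|extended) (\S+)", config, re.M))
    report, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = report.setdefault(m.group(1), {"mode": None, "acls": [], "findings": []})
        elif not line.startswith(" "):
            current = None  # any unindented line ends the interface stanza
        elif current is not None:
            if m := re.match(r" access-group mode (.+)", line):
                current["mode"] = m.group(1).strip()
            elif m := re.match(r" (ip|mac) access-group (\S+) (in|out)", line):
                current["acls"].append(m.groups())
                if (m.group(1), m.group(2)) not in defined:
                    current["findings"].append(f"{m.group(1)} ACL {m.group(2)} is applied but not defined")
    for entry in report.values():
        if not entry["acls"]:
            entry["findings"].append("no PACL applied")
    return report

if __name__ == "__main__":
    for name, entry in audit_pacls(SAMPLE_CONFIG).items():
        print(name, entry["mode"], entry["acls"], entry["findings"])
```

A mode of None means the config carries no access-group mode line for that interface; confirm the effective mode on the switch with show access-group mode interface.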