7 ACL ACL Catalyst 6000ACL ACL p.7-2 ACL p.7-1 p.7-2 ACL p.7-2 ACE p.7-3 VLAN IOS ACL VACL VLAN ACL p.7-5 IOS ACL p.7-6 VACL IOS ACL p.7-9 VACL p.7-14 p.7-18 VACL p.7-19 ACL p.7-30 2 VLAN VLAN MSFC Catalyst 6000 3 MLS [ ]VLAN VLAN IOS ACL VLAN VACL VLAN ACL IOS ACL IOS ACL ACL 7-1
VACL IP IPX 3 MAC VACL VLAN VLAN VACL VLAN VACL VLAN Catalyst 6000 ACL IOS ACL IOS ACL MSFC PFC VACL QoS ACL MSFC PFC VACL QoS ACL QoS Catalyst 6000 Family Software Configuration Guide ACL Catalyst 6000 ACL IOS ACL VACLQoS ACL IOS ACL IOS ACL MSFC VLAN ACL 1 ACEIOS ACLWeb Cache Redirect WCCP [Web Cache Coordination Protocol] ACL Web HTTP IOS ACL ACL TCP ACL ACL 1 IOS ACL 1 ACL 1 ACLIOS ACL IOS ACL IOS ACL ACL ACL MSFC ACL NAT 7-2 Catalyst 6000
ACE IOS ACL ACL ACL MSFC NAT ACL WCCP ACL TCP ACL VACL VACL VACL VLAN VLAN VACL VACL IOS ACL IP IPX3 VACL MAC VACL MACIP IPX MAC VACL VACL Catalyst 6000Catalyst 6000 VACL QoS ACL QoS ACLCatalyst 6000 Family Software Configuration Guide ACE ACL ACE ACE ACE Catalyst 6000 3 ACE IP ACE IPX ACE ACE ACE 1 ACL ACE 1 7-1 ACE ACL 7-3
ACE 7-1 ACE ACE 4 TCP UDP 1 IGMP 1 ICMP 1 IP 1 IPX 2 ICMP 3 IGMP 4 ICMP 3 IP ToS IP ToS IP ToS IP ToS IP IP IP IP IPX IP IP IP IP IPX IPX TCP UDP IGMP ICMP IPX 2 1 IP ACE 2 IP 4 IPX 3 ICMP ICMP 4 IGMP IGMP ACE40 offset! = 0 IP 4 ACE redirect 4/3 tcp host 1.1.1.1 eq 68 host 255.255.255.255 1.1.1.1 68 4/368 permit tcp host 1.1.1.1 eq 68 host 2.2.2.2 eq 34 1.1.1.1 68 2.2.2.2 34 offset! = 0 deny tcp host 1.1.1.1 eq 68 host 2.2.2.2 eq 34 1.1.1.1 68 2.2.2.2 34 0 offset! = 0 7-4 Catalyst 6000
VLAN IOS ACL VACL VLAN ACL VLAN IOS ACL VACL VLAN ACL VLAN IOS ACL VACL 7-1 ACL 2 ACL VLAN 7-1 ACL 7-2 3ACL 3ACL 1 VLAN VACL 2 IOS ACL 3 IOS ACL 4 VLAN VACL 7-2 ACL 26964 26961 ACL 7-5
IOS ACL 7-3 ACL ACL 1 (a) VLAN VACL (b) IOS ACL 2 (a) IOS ACL (b) VLAN VACL 3 (a) VLAN VACL 7-3 ACL 26965 IOS ACL Catalyst 6000 VLAN IOS ACL Cisco ACL IOS ACL p.7-18 VACL p.7-19 Cisco IOS ACL IP Network Protocols Configuration Guide Part 1 Configuring IP Services 7-6 Catalyst 6000
IOS ACL NAT IOS ACL 3 IOS ACL p.7-7 MSFC IOS ACL VACL ACL MSFC ICMP Internet Control Message Protocol ICMP no ip unreachables ICMP ip unreachables IOS ACL ACL ACL show ip access-list IPX IOS ACL MSFC ACL IP IPX ACL ACL [deny] [ip unreachables] [permit] ACL ACL IP ACL ACL 7-7
IOS ACL IPX ACL ACL IPX ACL ACL IPX ACL ACL IPX ACL ACL 512 TCP TCP TCP [match] match [match ip address] [match length] match length [match ip address] ACL match length mls ip pbr mls ip pbr WCCP Web Cache Coordination Protocol WCCPHTTP Hypertext Transfer Protocol HTTP NAT NAT NAT 7-8 Catalyst 6000
VACL IOS ACL RPF RPF RPF3 IOS ACL VACL IOS ACL VACL IOS ACL VACL VLAN IOS ACL VACL ACL VACL deny redirect IOS ACL IOS ACL VACL ACL VACL NAT VACL NAT VACL VACL VACL ACE VLAN IOS ACL VACL VLAN IOS ACL VACL IOS ACL VACL VLAN Catalyst 6000 ACL 1 IOS ACL VACL VLAN IOS ACL VACL IOS ACL VACLACE IOS ACL VACL VLAN IOS ACL VACL ACL show security acl resource-usage ACL deny any any ACE permit ip any any1 [p.7-11] ACL 7-9
VACL IOS ACL ACL 3 p.7-12 6 329 53 ACE ACL 2 ACL 3 ACL2 ACL ACE ACL ACE ACE ACE permit ip any any permit ip any any deny ip any 4 [p.7-12] 4 ACL 4 IP IP IP ACL p.7-9 p.7-10 6 p.7-13 4 IP ACE TCP/UDP/ICMP ACEACL 4 ACE IP ACL ACL ACL ACL A ACL BACL C ACL C ACL A ACL B ACL A ACL B ACL A ACL B 4 ACL C ACL C = ACL A x ACL B x 2 4 IOS ACL VACL VLAN VACL IOS ACL 1 7-10 Catalyst 6000
VACL IOS ACL 1 VACL 9ACE

******** VACL ***********
1 permit udp host 194.72.72.33 194.72.6.160 0.0.0.15
2 permit udp host 147.150.213.94 194.72.6.64 0.0.0.15 eq bootps
3 permit udp 194.73.74.0 0.0.0.255 host 194.72.6.205 eq syslog
4 permit udp host 167.221.23.1 host 194.72.6.198 eq tacacs
5 permit udp 194.72.136.1 0.0.3.128 194.72.6.64 0.0.0.15 eq tftp
6 permit udp host 193.6.65.17 host 194.72.6.205 gt 1023
7 permit tcp any host 194.72.6.52
8 permit tcp any host 194.72.6.52 eq 113
9 deny tcp any host 194.72.6.51 eq ftp
10 permit tcp any host 194.72.6.51 eq ftp-data
11 permit tcp any host 194.72.6.51
12 permit tcp any eq domain host 194.72.6.51
13 permit tcp any host 194.72.6.51 gt 1023
14 permit ip any host 1.1.1.1
******** IOS ACL ************
1 deny ip any host 239.255.255.255
2 permit ip any any
******** MERGE **********
has 91 entries

entries 2 1 9 11 12 ACL ACE

******** VACL **********
1 permit udp host 194.72.72.33 194.72.6.160 0.0.0.15
2 permit udp host 147.150.213.94 194.72.6.64 0.0.0.15 eq bootps
3 permit udp 194.73.74.0 0.0.0.255 host 194.72.6.205 eq syslog
4 permit udp host 167.221.23.1 host 194.72.6.198 eq tacacs
5 permit udp 194.72.136.1 0.0.3.128 194.72.6.64 0.0.0.15 eq tftp
6 permit udp host 193.6.65.17 host 194.72.6.205 gt 1023
7 permit tcp any host 194.72.6.52
8 permit tcp any host 194.72.6.52 eq 113
9 permit tcp any host 194.72.6.51 eq ftp-data
10 permit tcp any host 194.72.6.51 neq ftp
11 permit tcp any eq domain host 194.72.6.51 neq ftp
12 permit tcp any host 194.72.6.51 gt 1023
13 permit ip any host 1.1.1.1
******** IOS ACL ************
1 deny ip any host 239.255.255.255
2 permit ip any any
******** MERGE ***********
has 78 entries
VACL IOS ACL 3 VACL ACE

******** VACL ***********
1 deny ip 0.0.0.0 255.255.255.0 any
2 deny ip 0.0.0.255 255.255.255.0 any
3 deny ip any 0.0.0.0 255.255.255.0
4 permit ip any host 239.255.255.255
5 permit ip any host 255.255.255.255
6 deny ip any 0.0.0.255 255.255.255.0
7 permit tcp any range 0 65534 any range 0 65534
8 permit udp any range 0 65534 any range 0 65534
9 permit icmp any any
10 permit igmp any any
11 permit ip any any
******** IOS ACL **********
1 deny ip any host 239.255.255.255
2 permit ip any any
******** MERGE **********
has 329 entries

4 VACL3 ACE

******** VACL ***********
1 redirect 4/25 tcp host 192.168.1.67 host 255.255.255.255
2 redirect 4/25 udp host 192.168.1.67 host 255.255.255.255
3 deny tcp any any lt 30
4 deny udp any any lt 30
5 permit ip any any
******* IOS ACL ***********
1 deny ip any host 239.255.255.255
2 permit ip any any
******* MERGE **********
has 142 entries

5 VACL 2

******** VACL ***********
1 redirect 4/25 tcp host 192.168.1.67 host 255.255.255.255
2 redirect 4/25 udp host 192.168.1.67 host 255.255.255.255
3 permit ip any any
******* IOS ACL ***********
1 deny ip any host 239.255.255.255
2 permit ip any any
******* MERGE **********
has 4 entries
VACL IOS ACL 6 IOS ACLIOS ACL4 801

******** VACL **********
1 redirect 4/25 tcp host 192.168.1.67 255.255.255.255 0.0.0.0
2 redirect 4/25 udp host 192.168.1.67 255.255.255.255 0.0.0.0
3 redirect 4/25 icmp host 192.168.1.67 host 255.255.255.255
4 redirect 4/25 ip host 192.168.1.67 host 255.255.255.255
5 deny tcp any any lt 30
6 deny udp any any lt 30
7 permit ip any any
******** IOS ACL ***********
1 permit ip 147.150.213.64 0.0.0.31 194.72.6.64 0.0.0.15
2 permit ip 147.150.213.64 0.0.0.31 194.72.6.160 0.0.0.15
3 permit ip 147.150.213.64 0.0.0.31 host 194.72.6.205
4 permit ip 147.151.77.0 0.0.0.255 194.72.6.64 0.0.0.15
5 permit ip 147.151.77.0 0.0.0.255 194.72.6.160 0.0.0.15
6 permit ip 147.151.77.0 0.0.0.255 194.72.6.208 0.0.0.15
7 permit ip 147.151.77.0 0.0.0.255 host 194.72.6.205
8 permit ip host 193.37.169.121 194.72.6.64 0.0.0.15
[...]
total 62 entries without L4 information
******** MERGE **********
has 801 ACEs

7 6 IOS ACL 4VACL

******** VACL *********
1 permit tcp host 193.131.248.24 194.73.73.0 0.0.0.15 gt 1023
2 permit tcp host 158.43.128.8 194.72.6.224 0.0.0.7 gt 1023
3 permit udp any 194.72.6.224 0.0.0.7 eq time
4 permit udp any 194.73.73.0 0.0.0.15 eq time
5 permit udp 194.72.7.128 0.0.0.7 194.72.6.224 0.0.0.7 eq 1645
6 permit udp 194.72.7.128 0.0.0.7 194.73.73.0 0.0.0.15 eq 1645
7 permit udp host 158.152.1.65 194.72.6.224 0.0.0.7 gt 1023
8 permit udp host 158.152.1.65 194.73.73.0 0.0.0.15 gt 1023
[...]
total 168 entries
******** IOS ACL *********
1 permit ip 147.150.213.64 0.0.0.31 194.72.6.64 0.0.0.15
2 permit ip 147.150.213.64 0.0.0.31 194.72.6.160 0.0.0.15
3 permit ip 147.150.213.64 0.0.0.31 host 194.72.6.205
4 permit ip 147.151.77.0 0.0.0.255 194.72.6.64 0.0.0.15
5 permit ip 147.151.77.0 0.0.0.255 194.72.6.160 0.0.0.15
6 permit ip 147.151.77.0 0.0.0.255 194.72.6.208 0.0.0.15
7 permit ip 147.151.77.0 0.0.0.255 host 194.72.6.205
8 permit ip host 193.37.169.121 194.72.6.64 0.0.0.15
[...]
total 62 entries without L4 information
******* MERGE ********
has 1259 ACEs.
VACL 4 4 gt lt neq range [lt 5] [lt 6] ACL 9 ACEACE VLAN IOS ACL VACL 4 9 4 show security acl resource-usage VACL VACL p.7-14 p.7-15 DHCP p.7-16 VLAN p.7-17 p.7-18 Catalyst 6000 MSFC VACL QoS ACL XYVLAN A C 7-4 X Y MSFC X Y A X Y HTTP A VACL X YHTTP A MSFC 7-14 Catalyst 6000
VACL 7-4 26959 VLAN VACL 7-5 A TCP 5000 1 2
set security acl ip SERVER redirect 4/1 tcp any host 255.255.255.255 eq 5000
set security acl ip SERVER permit ip any any
3 VACL
commit security acl SERVER
4 VLAN 10 VACL
set security acl map SERVER 10
7-5
VACL 7-5 26960 DHCP DHCPVLAN DHCP VACL DHCP DHCP DHCPIP 1.2.3.4 1 2 3 1.2.3.4 DHCP DHCP IP
set security acl ip SERVER permit tcp host 1.2.3.4 any eq 68
set security acl ip SERVER deny tcp any any eq 68
set security acl ip SERVER permit any any
4 VACL
commit security acl SERVER
5 VLAN 10 VACL
set security acl map SERVER 10
7-6 DHCP DHCP
VACL 7-6 DHCP 26962 VLAN VLAN VLAN 10 10.1.1.100 7-7 VLAN 20 10.1.2.0/24 VLAN 10 10.1.1.4 10.1.1.8 VLAN 1 2 3 4 10.1.2.0/24 10.1.1.4 10.1.1.8 IP
set security acl ip SERVER deny ip 10.1.2.0 0.0.0.255 host 10.1.1.100
set security acl ip SERVER deny ip host 10.1.1.4 host 10.1.1.100
set security acl ip SERVER deny ip host 10.1.1.8 host 10.1.1.100
set security acl ip SERVER permit ip any any
5 VACL
commit security acl SERVER
6 VLAN 10 VACL
set security acl map SERVER 10
7-7 VLAN 26963 p.7-28 Catalyst 6000 ACL IP 4/IPX IOS ACL IOS ACL MSFC ACL ACL IP IPX IPX XNS XNS DECnet MAC 5 IP IPX VACL IPX VACL IPX 7-18 Catalyst 6000
VACL VACL VACL VACL p.7-19 VACL VACL ACL ACE NVRAM commit ACE ACL ACE commit ACE NVRAM IOS ACL VACL NVRAM ACL p.7-30 VLAN IOS ACL VACL p.7-9 VACL p.7-14 p.7-18 VACL VACL VLAN VACL VACL/VLAN VLAN IOS ACL VACL ACL ACE ACL ACE 2 ACE ACE show security acl info acl_name editbuffer ACE MSFC IOS ACL VACL ACL MSFC ACL ACL ACL show security acl resource-usage show qos acl resource-usage 100% ACL ACL ACL ACL 7-19
VACL VACL VACL VLAN 1 2 3 set security acl ip VACL ACE commit VACL ACE NVRAM set security acl map VACL VLAN IP VACL IPX IP 4/IPX VACL VACL VACL ACE CLI VACL Catalyst 6000VACL Catalyst 6000 Family Command Reference IP VACL ACE p.7-21 IPX VACL ACE p.7-22 IP 4/IPX VACL ACE p.7-24 ACL p.7-25 VLAN VACL p.7-25 VACL p.7-26 VACL/VLAN p.7-26 p.7-26 ACL ACE p.7-27 ACL p.7-27 VACL p.7-28 p.7-28 7-20 Catalyst 6000
VACL IP VACL ACE IP VACL ACEIP VACL ACE IP
set security acl ip {acl_name} {permit | deny} {src_ip_spec} [capture] [before editbuffer_index | modify editbuffer_index]
IP
set security acl ip {acl_name} {permit | deny | redirect mod_num/port_num} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [capture] [before editbuffer_index | modify editbuffer_index]

IPACL1 ACE172.20.53.4
set security acl ip IPACL1 permit host 172.20.53.4 0.0.0.0
IPACL1 editbuffer modified. Use commit command to apply changes.

VACL IPACL1 ACE
set security acl ip IPACL1 permit any
IPACL1 editbuffer modified. Use commit command to apply changes.

IPACL1 ACE171.3.8.2
set security acl ip IPACL1 deny host 171.3.8.2
IPACL1 editbuffer modified. Use commit command to apply changes.

show security acl info IPACL1 editbuffer
set security acl ip IPACL1
-----------------------------------------------------------------
1. permit ip host 172.20.53.4 any
2. permit ip any any
3. deny ip host 171.3.8.2 any

NVRAM ACE
commit security acl all
ACL commit in progress.
ACL IPACL1 is committed to hardware.

show security acl info IPACL1 VACL VLAN set security acl map VLAN VACL
VACL IPACL2 ACE172.20.3.2 ACE VACL ACE 2 modify ACEACE show security acl info acl_name [editbuffer] NVRAM ACE editbuffer
set security acl ip IPACL2 deny host 172.20.3.2 before 2
IPACL2 editbuffer modified. Use commit command to apply changes.

IPACL2 ACE 1.2.3.4 3/1 255.255.255.255 IP 0.0.0.0host ACE precedence IP 0 7 tos 0 15
set security acl ip IPACL2 redirect 3/1 ip 1.2.3.4 0.0.0.255 host 255.255.255.255 precedence 1 tos min-delay
IPACL2 editbuffer modified. Use commit command to apply changes.

show security acl info IPACL2 editbuffer
set security acl ip IPACL2
-----------------------------------------------------------------
1. deny 172.20.3.2
2. redirect 1.2.3.4

NVRAM ACE
commit security acl all
ACL commit in progress.
ACL IPACL2 is committed to hardware.

show security acl info IPACL2 VACL VLAN set security acl map VLAN VACL

IPX VACL ACE IPX VACL ACEIPX VACL ACE IPX VACL ACE IPX VACL ACE
set security acl ipx {acl_name} {permit | deny | redirect mod_num/port_num} {protocol} {src_net} [dest_net.[dest_node] [[dest_net_mask.]dest_node_mask]] [capture] [before editbuffer_index | modify editbuffer_index]
VACL IPXACL1 ACE 1234
set security acl ipx IPXACL1 deny any 1234
IPXACL1 editbuffer modified. Use commit command to apply changes.

IPXACL1 ACE 1.A.3.4
set security acl ipx IPXACL1 deny any any 1.A.3.4
IPXACL1 editbuffer modified. Use commit command to apply changes.

IPXACL1 ACE 3456 4/1
set security acl ipx IPXACL1 redirect 4/1 any 3456
IPXACL1 editbuffer modified. Use commit command to apply changes.

show security acl info IPXACL1 editbuffer
set security acl ipx IPXACL1
-----------------------------------------------------------------
1. deny any 1234
2. deny any any 1.A.3.4
3. redirect 4/1 any 3456

NVRAM ACE
commit security acl all
ACL commit in progress.
ACL IPXACL1 is committed to hardware.

show security acl info IPXACL1 VACL VLAN set security acl map VLAN VACL

IPXACL1 ACE 1 ACE ACE 2
set security acl ipx IPXACL1 permit any 1 before 2
IPXACL1 editbuffer modified. Use commit command to apply changes.

IPXACL1 ACE
set security acl ipx IPXACL1 permit any any
IPXACL1 editbuffer modified. Use commit command to apply changes.
VACL
show security acl info IPXACL1 editbuffer
set security acl ipx IPXACL1
-----------------------------------------------------------------
1. deny any 1234
2. permit any 1
3. deny any any 1.A.3.4
4. redirect 4/1 any 3456
5. permit any any
ACL IPXACL1 Status: Not Committed

NVRAM ACE
commit security acl all
ACL commit in progress.
ACL IPXACL1 is committed to hardware.

show security acl info IPXACL1 VACL VLAN set security acl map VLAN VACL

IP 4/IPX VACL ACE IP 4/IPX VACL ACE IP 4/IPX VACL ACE IP 4/IPX VACL ACE IP 4/IPX VACL ACE
set security acl mac {acl_name} {permit | deny} {src_mac_addr_spec} {dest_mac_addr_spec} [ether-type] [capture] [before editbuffer_index | modify editbuffer_index]

MACACL1 ACE 8-2-3-4-7-A
set security acl mac MACACL1 deny host 8-2-3-4-7-A any
MACACL1 editbuffer modified. Use commit command to apply changes.

MACACL1 ACE A-B-C-D-1-2
set security acl mac MACACL1 deny any host A-B-C-D-1-2
MACACL1 editbuffer modified. Use commit command to apply changes.

MACACL1 ACE
set security acl mac MACACL1 permit any any
MACACL1 editbuffer modified. Use commit command to apply changes.

show security acl info MACACL1 editbuffer
set security acl mac MACACL1
-----------------------------------------------------------------
1. deny 8-2-3-4-7-A any
2. deny any A-B-C-D-1-2
3. permit any any
VACL NVRAM ACE
commit security acl all
ACL commit in progress.
ACL MACACL1 is committed to hardware.

show security acl info MACACL1 VACL VLAN set security acl map VLAN VACL

ACL commit ACL ACL NVRAM ACL ACEACL NVRAM ACL NVRAM ACL
commit security acl acl_name | all

ACL NVRAM
commit security acl IPACL2
ACL commit in progress.
ACL IPACL2 is committed to hardware.

VLAN VACL set security acl map VACL VLAN ACL/VLAN VACL VLAN VLAN VACL VLAN VACL
set security acl map acl_name vlans

VLAN 10 IPACL1
set security acl map IPACL1 10
ACL IPACL1 mapped to vlan 10

ACL
set security acl map IPACL1 10
Commit ACL IPACL1 before mapping.
VACL VACL show security acl info VACL VACL VACL
show security acl info {acl_name | all} [editbuffer [editbuffer_index]]

NVRAMVACL
show security acl info IPACL1
set security acl ip IPACL1
------------------------------------------------------------------
1. deny A
2. deny ip B any
3. deny c
4. permit any

VACL
show security acl info IPACL1 editbuffer
set security acl ip IPACL1
-----------------------------------------------------------------
1. deny A
2. deny ip B any
3. deny C
4. deny D
5. permit any

VACL/VLAN show security acl map ACL VLAN VACL/VLAN VACL/VLAN VACL/VLAN
show security acl map {acl_name | vlan | all}

VACL
show security acl map IPACL1
ACL IPACL1 is mapped to VLANs:
1

VLAN
show security acl map 1
VLAN 1 is mapped to IP ACL IPACL1.
VLAN 1 is mapped to IPX ACL IPXACL1.
VLAN 1 is mapped to MAC ACL MACACL1.

rollback ACL ACLcommit
VACL ACL ACL
rollback security acl {acl_name | all}

ACL
rollback security acl IPACL1
Editbuffer for IPACL1 rolled back to last commit state.

ACL ACE clear security acl ACL ACE ACE ACE ACL ACE ACL ACE
clear security acl all
clear security acl acl_name
clear security acl acl_name editbuffer_index

ACL ACE
clear security acl all
All editbuffers modified. Use commit command to apply changes.

ACL ACE
clear security acl IPACL1 2
IPACL1 editbuffer modified. Use commit command to apply changes.

ACL clear security acl map VACL/VLAN ACL ACL
clear security acl map all
clear security acl map acl_name
clear security acl map vlan
clear security acl map acl_name vlan

VACL/VLAN
clear security acl map all
Map deletion in progress.
Successfully cleared mapping between ACL ip1 and VLAN 10.
Successfully cleared mapping between ACL ipx1 and VLAN 10.
... display text omitted
VACL VLANVACL
clear security acl map IPACL1 50
Map deletion in progress.
Successfully cleared mapping between ACL ipacl1 and VLAN 50.

VACL show security acl resource-usage VACL VACL VACL
show security acl resource-usage

VACL
show security acl resource-usage
ACL resource usage:
ACL storage (mask/value): 0.29%/0.10%
ACL to switch interface mapping table: 0.39%
ACL layer 4 port operators: 0.0%
Console> (enable)

set security acl ip ipx mac capture set security acl capture-ports mod/ports... capture VLAN EtherChannel ATM VLAN NVRAM ACL VLAN VLAN VLAN 3 3 VLAN VLAN VLAN 10 VLAN 20 VACL VLAN VLAN 20 VLAN 20 VLAN 10 VACL VLAN
VACL 1 VLAN VLAN VLAN ACL 1 VLAN ACL ACL 1 1 VLAN 1 ACL ACE IP VACL IPX IP 4/IPX VACL 1 2 3 4 set security acl ip VACL ACE capture commit VACL ACE NVRAM set security acl map VACL VLAN set security acl capture-ports mod/ports...

my_cap ACE
set security acl ip my_cap permit ip host 60.1.1.1 host 60.1.1.98 capture
my_cap editbuffer modified. Use commit command to apply changes.

my_cap ACL NVRAM
commit security acl my_cap
ACL commit in progress.
ACL my_cap successfully committed.

VLAN 10 my_cap
set security acl map my_cap 10
Mapping in progress.
VLAN 10 successfully mapped to ACL my_cap.
The old mapping with ACL captest was replaced with the new one.

set security acl capture-ports 1/1-2,2/1-2
Successfully set the following ports to capture ACL traffic:
1/1-2,2/1-2
ACL
show sec acl capture-ports
ACL Capture Ports: 1/1-2,2/1-2

clear sec acl capture-ports 1/1,2/1
Successfully cleared the following ports:
1/1,2/1

1/1 2/1
show sec acl capture-ports
ACL Capture Ports:1/2,2/2

ACL NVRAM ACL NVRAM QoS ACL VACLNVRAM NVRAM ACL ACL 512-KB NVRAM ACL NVRAM ACL p.7-31 ACL p.7-31 ACL p.7-33 NVRAM ACL p.7-33 p.7-33 p.7-33 CLI p.7-34 Catalyst 6000 Family Software Configuration Guide Modifying the Switch Boot Configuration
ACL ACL ACL NVRAM NVRAM NVRAM QoS ACL VACL ACL syslog
1999 Sep 01 17:00:00 %SYS-1-CFG_FLASH:ACL configuration moved to bootflash:switchapp.cfg
1999 Sep 01 17:00:00 %SYS-1-CFG_ACL_DEALLOC:NVRAM full. Qos/Security ACL configuration deleted from NVRAM.

ACL CONFIG_FILE bootflash:switchapp.cfg set boot config-register auto-config recurring append sync syslog
1999 Sep 01 17:00:00 %SYS-1-CFG_FLASH_ERR:Failed to write ACL configuration to bootflash:switchapp.cfg
1999 Sep 01 17:00:00 %SYS-1-CFG_ACL_DEALLOC:NVRAM full. Qos/Security ACL configuration deleted from NVRAM.

ACLDRAM set config acl nvram [p.7-36]acl set config acl nvram NVRAM ACL ACL ACL512-KB NVRAM ACL CLI p.7-34

1 ACL auto-config
set boot auto-config bootflash:switchapp.cfg
CONFIG_FILE variable = bootflash:switchapp.cfg

2 CONFIG_FILE recurring non-recurring
set boot config-register auto-config recurring
Configuration register is 0x12F
ignore-config: disabled
auto-config: recurring, overwrite, sync disabled
console baud: 9600
boot: image specified by the boot system commands
ACL 3 4 5 6 auto-config NVRAM NVRAM
set boot config-register auto-config append
Configuration register is 0x12F
ignore-config: disabled
auto-config: recurring, append, sync disabled
console baud: 9600
boot: image specified by the boot system commands

auto-config 1
set boot config-register auto-config sync enable
Configuration register is 0x12F
ignore-config: disabled
auto-config: recurring, append, sync enabled
console baud: 9600
boot: image specified by the boot system commands

ACL auto-config
copy acl-config bootflash:switchapp.cfg
Upload ACL configuration to bootflash:switchapp.cfg
2843644 bytes available on device bootflash, proceed (y/n) [n]? y
ACL configuration has been copied successfully.

NVRAM ACL
clear config acl nvram
ACL configuration has been deleted from NVRAM.
Warning: Use the copy commands to save the ACL configuration to a file and the 'set boot config-register auto-config' commands to configure the auto-config feature.

ACL set qos acl map set security acl map auto-config ACL NVRAM ACL auto-config bootflash:switchapp.cfg NVRAM ACL copy acl-config bootflash:switchapp.cfg auto-config auto-config ACL NVRAM ACLDRAM ACL
ACL ACL CONFIG_FILE syslog
1999 Sep 01 17:00:00 %SYS-0-CFG_FLASH_ERR:ACL configuration set to flash but no ACL configuration file found.

ACL ACL QoS ACL VACL NVRAM set boot config-register auto-config append auto-config NVRAM ACL set boot config-register auto-config append auto-config auto-config NVRAM auto-config ACL NVRAM ACL NVRAM ACL

set config acl nvram
ACL configuration copied to NVRAM.
clear boot auto-config
CONFIG_FILE variable =

set boot auto-config auto-config ACL auto-config auto-config auto-config ACL ACL NVRAM DRAM
ACL CLI CLI
set boot config-register auto-config {overwrite | append} p.7-34
set boot config-register auto-config sync {enable | disable} p.7-34
clear config acl nvram p.7-35
set config acl nvram p.7-36
show config acl location p.7-36
copy acl-config file-id p.7-36
p.7-36
p.7-36

set boot config-register auto-config {overwrite | append}
auto-config NVRAM auto-config NVRAM auto-config NVRAM NVRAM auto-configoverwrite

set boot config-register auto-config help
Usage: set boot config-register auto-config {recurring | non-recurring}
set boot config-register auto-config {overwrite | append}
set boot config-register auto-config {sync {enable | disable}}

set boot config-register auto-config overwrite
Configuration register is 0x12F
ignore-config: disabled
Auto-config: non-recurring, overwrite, sync disabled
console baud: 9600
boot: image specified by the boot system commands

set boot config-register auto-config append
Configuration register is 0x12F
ignore-config: disabled
Auto-config: non-recurring, append, sync disabled
console baud: 9600
boot: image specified by the boot system commands

set boot config-register auto-config sync {enable | disable}
auto-config 1 auto-config 1 CONFIG_FILE
ACL CONFIG_FILE auto-config auto-config2 CRC 2

set boot config-register auto-config sync disable
Configuration register is 0x12F
ignore-config: disabled
auto-config: non-recurring, append, sync disabled
console baud: 9600
boot: image specified by the boot system commands

set boot config-register auto-config sync enable
Configuration register is 0x12F
ignore-config: disabled
auto-config: non-recurring, append, sync enabled
console baud: 9600
boot: image specified by the boot system commands

clear config acl nvram NVRAM ACL
clear config acl nvram
ACL configuration has been deleted from NVRAM.
Warning: Use the copy commands to save the ACL configuration to a file and the set boot config-register auto-config commands to configure the auto-config feature.

NVRAM auto-config append p.7-35 overwrite p.7-36

append NVRAM auto-config ACLauto-config bootflash:switchapp.cfg
set boot auto-config bootflash:switchapp.cfg
set boot config-register auto-config append

bootflash:switchapp.cfg ACL QoS ACL VACL copy acl-config auto-config
copy acl-config bootflash:switchapp.cfg
ACL overwrite auto-config
copy config bootflash:switch.cfg
set boot auto-config bootflash:switch.cfg
set boot config-register auto-config overwrite

bootflash:switch.cfg copy auto-config
copy config bootflash:switch.cfg

set config acl nvram DRAM NVRAM ACL NVRAM NVRAM auto-config auto-config auto-config clear boot auto-config show config acl location copy acl-config file-id

set config acl nvram
ACL configuration copied to NVRAM.

set config acl nvram
Failed to copy ACL configuration to NVRAM. Insufficient NVRAM space available.

ACL
Console> show config acl location
ACL configuration is being saved in NVRAM.
Console>

Console> show config acl location
ACL configuration not being saved in NVRAM. Use the copy commands to save the ACL configuration to a file.
Console>

auto-config ACL
copy acl-config bootflash:switchapp.cfg
Upload configuration to bootflash:switchapp.cfg
2843644 bytes available on device bootflash, proceed (y/n) [n]? y
ACL configuration has been copied successfully.

ACLQoS ACL VACL
Warning: Use the copy commands to save your ACL configuration to flash.

CONFIG_FILE 1
Warning: System ACL configuration has been modified but not saved to flash.