OL-11615-01
Configuring PACLs in Catalyst OS
To configure PACLs in Catalyst OS, perform the following steps:
Step 1 Specify the PACL mode using the set port security-acl command:
Console> (enable) set port security-acl mod/ports.. [port-based | vlan-based | merge]
Step 2 Map the PACL to ports or to a VLAN using the set security acl map command:
Console> (enable) set security acl map acl_name [mod/ports | vlans]
This example shows how to map a PACL to a port when the port is in VLAN-based mode:
Console> (enable) set port security-acl 3/1 vlan-based
ACL interface is set to vlan-based mode for port(s) 3/1.
Console> (enable) set security acl map ipacl1 3/1
Port 3/1 is set to vlan-based mode, config is saved in Nvram.
Config will be applied when the port is set to port-based/merge.
Console> (enable) set port security-acl 3/1 port-based
Warning: Vlan-based ACL features will be disabled on port(s) 3/1.
ACL interface is set to port-based mode for port(s) 3/1.
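
The transcript above shows that a PACL mapped while the port is vlan-based is only stored, and is not enforced until the port is switched to port-based or merge. The following check is an added example, not part of the Cisco document: it replays a CatOS session and reports which mapped PACLs are actually enforced. The function names, the sample session, and the default mode for unconfigured ports are assumptions made for illustration.

```python
import re

# Assumption (not stated on the page): a port never given a mode is vlan-based.
DEFAULT_MODE = "vlan-based"
MODE_RE = re.compile(r"set port security-acl (\S+) (port-based|vlan-based|merge)$")
MAP_RE = re.compile(r"set security acl map (\S+) (\S+)$")

# Constructed sample session; only the command lines matter, output is skipped.
SAMPLE = """\
Console> (enable) set port security-acl 3/1 vlan-based
ACL interface is set to vlan-based mode for port(s) 3/1.
Console> (enable) set security acl map ipacl1 3/1
Console> (enable) set port security-acl 3/1 port-based
Console> (enable) set port security-acl 3/2-3 vlan-based
Console> (enable) set security acl map ipacl1 3/2-3
Console> (enable) set port security-acl 3/3 merge
Console> (enable) set security acl map ipacl1 10
"""

def expand_ports(spec):
    """Expand '3/1', '3/1-4' or '3/1,3/5' into individual mod/port names."""
    ports = []
    for item in spec.split(","):
        mod, _, rng = item.partition("/")
        first, _, last = rng.partition("-")
        ports += [f"{mod}/{n}" for n in range(int(first), int(last or first) + 1)]
    return ports

def audit_pacls(session):
    """Return {port: (acl, final_mode, enforced)} for each port with a mapped PACL."""
    mode, mapped = {}, {}
    for raw in session.splitlines():
        line = raw.split("(enable)")[-1].strip()  # drop the prompt if present
        m = MODE_RE.match(line)
        if m:
            for port in expand_ports(m.group(1)):
                mode[port] = m.group(2)
        m = MAP_RE.match(line)
        if m and "/" in m.group(2):  # a target without '/' is a VLAN list, not a port
            for port in expand_ports(m.group(2)):
                mapped[port] = m.group(1)
    # The mapping is stored either way; it only takes effect in port-based or merge.
    return {p: (acl, mode.get(p, DEFAULT_MODE),
                mode.get(p, DEFAULT_MODE) in ("port-based", "merge"))
            for p, acl in mapped.items()}

if __name__ == "__main__":
    for port, (acl, final_mode, enforced) in audit_pacls(SAMPLE).items():
        print(f"{port}: {acl} mode={final_mode} enforced={enforced}")
```

Ports reported with enforced=False carry a PACL in NVRAM that is not filtering traffic, which is the condition the "Config will be applied when the port is set to port-based/merge" message warns about.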
For more information on how to configure PACLs on Catalyst 6500 running Catalyst OS, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/acc_list.htm#wp1203610
Configuring PACLs in Cisco IOS
To configure a PACL in Cisco IOS software, perform the following steps:
Step 1 Create the standard or extended IP ACLs or named MAC extended ACLs to be applied using the ip
access-list or mac access-list commands:
Step 2 Set the mode in which the PACL will interact with other ACLs using the access-group mode interface
command:
Switch(config-if)# access-group mode {prefer {port | vlan} | merge}
Table 1 Interaction Between PACLs, VACLs, and Router ACLs

ACL Type                | PACL Mode: Prefer Port | PACL Mode: Prefer VLAN          | PACL Mode: Merge
Input router ACL        | PACL applied           | Input router ACL applied        | PACL, Input router ACL (merged) applied in order (ingress)
VACL                    | PACL applied           | VACL applied                    | PACL, VACL (merged) applied in order (ingress)
VACL + Input router ACL | PACL applied           | VACL + Input router ACL applied | PACL, VACL, Input router ACL (merged) applied in order (ingress)