Cisco Systems 7600 SERIES manual Configuring a Match Clause in a VLAN Access Map Sequence, 23-13


Chapter 23 Configuring Network Security

Configuring VLAN ACLs

When defining a VLAN access map, note the following syntax information:

To insert or modify an entry, specify the map sequence number.

If you do not specify the map sequence number, a number is automatically assigned.

You can specify only one match clause and one action clause per map sequence.

Use the no keyword with a sequence number to remove a map sequence.

Use the no keyword without a sequence number to remove the map.

See the “VLAN Access Map Configuration and Verification Examples” section on page 23-15.

Configuring a Match Clause in a VLAN Access Map Sequence

To configure a match clause in a VLAN access map sequence, perform this task:

Command: Router(config-access-map)# match {ip address {1-199 | 1300-2699 | acl_name} | ipx address {800-999 | acl_name} | mac address acl_name}
Purpose: Configures the match clause in a VLAN access map sequence.

Command: Router(config-access-map)# no match {ip address {1-199 | 1300-2699 | acl_name} | ipx address {800-999 | acl_name} | mac address acl_name}
Purpose: Deletes the match clause in a VLAN access map sequence.

When configuring a match clause in a VLAN access map sequence, note the following syntax information:

You can select one or more ACLs.

VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs.

Use the no keyword to remove a match clause or specified ACLs in the clause.

For information about named MAC-Layer ACLs, refer to the “Configuring MAC-Layer Named Access Lists (Optional)” section on page 32-39.

For information about Cisco IOS ACLs, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Traffic Filtering and Firewalls,” “Access Control Lists: Overview and Guidelines,” at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/index.htm

See the “VLAN Access Map Configuration and Verification Examples” section on page 23-15.
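The syntax rules in this section can be checked offline before a candidate configuration is applied. The following Python check is an added example, not part of the Cisco guide: it flags map sequences with more than one match or action clause and numbered ACLs outside the ranges given in the match syntax above. The function names, the sample map EDGE and its ACL names are constructed, and it assumes running-config style text with indented sub-commands and space-separated ACL references.

```python
import re

# Numbered-ACL ranges copied from the match syntax on this page;
# MAC-layer matches accept a named ACL only, so no numeric range applies.
RANGES = {"ip": [(1, 199), (1300, 2699)], "ipx": [(800, 999)], "mac": []}
MATCH_RE = re.compile(r"^match (ip|ipx|mac) address (.+)$")
MAP_RE = re.compile(r"^vlan access-map (\S+) (\d+)$")

def check_match(line):
    """Return a list of problems found in one 'match ...' line."""
    m = MATCH_RE.match(line.strip())
    if not m:
        return ["unrecognized match syntax: " + line.strip()]
    proto, acls = m.group(1), m.group(2).split()
    return [f"numbered ACL {acl} is not valid for a {proto} match"
            for acl in acls
            if acl.isdigit()
            and not any(lo <= int(acl) <= hi for lo, hi in RANGES[proto])]

def audit(config):
    """Map each (map_name, sequence) to the problems found in it."""
    findings, counts, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = MAP_RE.match(line)
        if head:
            current = (head.group(1), int(head.group(2)))
            findings[current] = []
            counts[current] = {"match": 0, "action": 0}
        elif current and line.split(" ")[0] in ("match", "action"):
            kind = line.split(" ")[0]
            counts[current][kind] += 1
            if counts[current][kind] > 1:  # one clause of each kind per sequence
                findings[current].append(f"more than one {kind} clause")
            if kind == "match":
                findings[current].extend(check_match(line))
        elif line and not raw.startswith(" "):
            current = None  # a new top-level command ends the map sequence
    return {seq: probs for seq, probs in findings.items() if probs}

# Constructed sample input, not taken from a real device.
SAMPLE = """\
vlan access-map EDGE 10
 match ip address 101 WEB_SERVERS
 action forward
vlan access-map EDGE 20
 match ip address 850
 action drop
vlan access-map EDGE 30
 match ipx address 801
 match mac address LEGACY_HOSTS
 action drop
"""

if __name__ == "__main__":
    for seq, problems in audit(SAMPLE).items():
        print(seq, problems)
```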

 

 

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

78-14064-04

23-13

 

 

 

 

 
