2-372
Catalyst 6500 Series Switch Command Reference—Release7.6
78-15328-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf-map
set pbf-map To create security ACLs and to set adjacency information, use the set pbf-map command.
set pbf-map {ip_addr_1} {mac_addr_1} {vlan_1} {ip_addr_2} {mac_addr_2} {vlan_2}
Syntax Description
Defaults This command has no default settings.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines The set pbf-map command does not change existing commands or NVRAM.
The set pbf-map command creates security ACLs and adjacency inf or matio n b ase d on yo ur inpu t a nd
then automatically commits the ACLs. This command simplifies the configuration of policy-based
forwarding.
An example of the simplified syntax is set pbf-map 1.1.1 .1 0-0-0 -0- 0-1 1 1 2 .2.2. 2 0-0-0- 0- 0-2 12 .
The above example is equivalent to all of the followin g PBF commands, which were released pr ior to 7.4:
set security acl adjacency PBF_MAP_ADJ_0 11 0-0-0-0-0-1
set security acl adjacency PBF_MAP_ADJ_1 12 0-0-0-0-0-2
commit security acl adjacency
set security acl ip PBF_MAP_ACL_11 redirect PBF_MAP_ADJ_1 ip host 1.1.1.1 host 2. 2.2 .2
set security acl ip PBF_MAP_ACL_12 redirect PBF_MAP_ADJ_0 ip host 2.2.2.2 host 1. 1.1 .1
If the permit ip any any ACE is missing, the following two entries are added:
set security acl ip PBF_MAP_ACL_11 permit ip any any
set security acl ip PBF_MAP_ACL_12 permit ip any any
commit security acl ip PBF_MAP_ACL_11
commit security acl ip PBF_MAP_ACL_12
set security acl map PBF_MAP_ACL_11 11
set security acl map PBF_MAP_ACL_12 12
Each entry in the ACL that is added by the set pbf-map command is inserted before the default permit
ip any any ACE.
ip_addr_1 IP address of host 1.
mac_addr_1 MAC address of host 1.
vlan_1 Number of the first VLAN.
ip_addr_2 IP address of host 2.
mac_addr_2 MAC address of host 2.
vlan_2 Number of the second VLAN.