2-455
Catalyst 6500 Series Switch Command Reference—Release7.6
78-15328-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands set qos acl ipx
The optional aggregate aggregate_name keyword and variable are used to configure policing in the
ACE. Refer to the Catalyst 6500 Series Switch Software Configuration Guide for additional policing rule
information.
Use the show security acl command to display the list.
The src_ip_spec, optional precedence precedence, or dscp-field dscp keywords and variables, are used
to configure filtering.
When you enter the ACL name, follow these naming conventions:
Maximum of 31 characters long and may include a-z, A-Z, 0-9, the d ash character (-), the unde rscore
character (_), and the period character (.)
Must start with an alpha character and must be unique across all ACLs of all types
Case sensitive
Cannot be a number
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Valid protocol keywords include ncp (17), rip (1), sap (4), and spx (5). The IP net work nu mber is l isted
in parentheses.
The src_net and dest_net variables are eight-digit hexadecimal numbers that uniquely identify network
cable segments. When you specify the src_net or dest_net, use the following guidelines:
It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks.
You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA.
The dest_node is a 48-bit value represented by a dotted triplet of four-digit hexadecimal numbers
(xxxx.xxxx.xxxx).
The destination_mask is of the form N.H.H.H or H.H.H where N is the destination network mask an d H
is the node mask. It can be specified only when the destination node is also specified for the destination
address.
The dest_net_mask is an eight-digit hexadecimal mask. Place ones in the bit positions you want to mask.
The mask must be immediately followed by a period, which must in tu rn be i mme diat el y fol lowed by
destination-node-mask. You can enter this value only when dest_node is specified.
The dest_node_mask is a 48-bit value represented as a dotted triplet of 4-digit hexadecimal numbers
(xxxx.xxxx.xxxx). Place ones in the bit positions you want to mask. You can enter this value only when
dest_node is specified.
The dest_net_mask is an eight-digit hexadecimal number that uniquely identifies the network c able
segment. It can be a number in the range 0 to FFFFFFFF. A network number of -1 or any matches all
networks. You do not need to specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA. Following are dest_net_mask examples:
123A
123A.1.2.3
123A.1.2.3 ffff.ffff.ffff
1.2.3.4 ffff. ffff.ffff.ffff