Catalyst 6500 Series Switch Command Reference—Release 7.6
78-15328-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
To create a new entry in a standard IP VACL and append the new entry at the end of the VACL, use the
set security acl ip command.
set security acl ip {acl_name} {permit | deny} {src_ip_spec} [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} [permit | deny] arp

set security acl ip {acl_name} {permit | deny | redirect {adj_name | mod_num/port_num}} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [ip] {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [icmp | 1] {src_ip_spec} {dest_ip_spec} [icmp_type] [icmp_code] | [icmp_message] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [tcp | 6] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [established] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [udp | 17] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]

set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr} {mac_addr | any [log]}

set security acl ip {acl_name} {permit | deny} arp-inspection any any [log]

set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr} {ip_mask} any [log]

set security acl ip {acl_name} permit dot1x-dhcp [before editbuffer_index | modify editbuffer_index]

set security acl ip {acl_name} permit any
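
Added example (not part of the Cisco reference): a Python model of the VACL edit buffer that shows how the before and modify keywords in the syntax above change entry order, and flags entries that a preceding catch-all entry makes unreachable. It assumes 1-based indexes, that before inserts ahead of the indexed entry, that modify replaces it, and that entries are evaluated first match wins; the ACL name WEB and the sample commands are constructed.

```python
import re

# Trailing position keywords from the syntax forms above.
_POS = re.compile(r"\s+(before|modify)\s+(\d+)(?=\s+log$|$)")
# Entries that match every IP packet.
_CATCH_ALL = re.compile(r"^(permit|deny)\s+(ip\s+any\s+any|any)(\s+log)?$")
_NON_IP = {"arp", "arp-inspection", "dot1x-dhcp"}

def apply_commands(commands):
    """Replay 'set security acl ip' lines into per-ACL ordered edit buffers.

    Assumed semantics: no keyword appends at the end, 'before N' inserts
    ahead of 1-based entry N, 'modify N' replaces entry N.
    """
    buffers = {}
    for line in commands:
        parts = line.split(None, 5)
        if parts[:4] != ["set", "security", "acl", "ip"] or len(parts) < 6:
            raise ValueError(f"not a 'set security acl ip' entry: {line!r}")
        name, body = parts[4], parts[5].strip()
        m = _POS.search(body)
        ace = _POS.sub("", body) if m else body
        entries = buffers.setdefault(name, [])
        if m is None:
            entries.append(ace)
            continue
        idx = int(m.group(2))
        if not 1 <= idx <= len(entries):
            raise ValueError(f"{name}: no edit buffer entry {idx}")
        if m.group(1) == "before":
            entries.insert(idx - 1, ace)
        else:
            entries[idx - 1] = ace
    return buffers

def shadowed(entries):
    """Return (index, entry) for IP entries placed after a catch-all entry,
    which never match under the assumed first-match evaluation."""
    for i, ace in enumerate(entries):
        if _CATCH_ALL.match(ace):
            return [(j + 1, e) for j, e in enumerate(entries)
                    if j > i and e.split()[1] not in _NON_IP]
    return []

# Constructed commands: the deny is appended after 'permit any', so it is dead.
SAMPLE = ["set security acl ip WEB permit any",
          "set security acl ip WEB deny tcp any any eq 23 log"]
# Same intent, with the deny placed ahead of entry 1.
FIXED = SAMPLE[:1] + ["set security acl ip WEB deny tcp any any eq 23 before 1 log"]
```
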
Syntax Description

acl_name       Unique name that identifies the lists to which the entry belongs.
permit         Allows traffic from the source IP address.
deny           Blocks traffic from the source IP address.
src_ip_spec    Source IP address and the source mask. See the “Usage Guidelines” section for the format.