2-456
Catalyst 6500 Series Switch Command Reference—Release8.4
OL-6244-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands
set pbf-map
set pbf-map To create security ACLs and to set adjacency information or to map a list of hosts to a gateway, use the
set pbf-map command.
set pbf-map {ip_addr_1} {mac_addr_1} {vlan_1} {ip_addr_2} {mac_addr_2} {vlan_2}
set pbf-map {client_list} {gw_name}
Syntax Description
Defaults This command has no default settings.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines The set pbf-map command does not change existing commands or NVRAM.
The set pbf-map command creates security ACLs and adjacency information based on your i nput, an d
then automatically commits the ACLs. This command simplifies the configuration of policy-based
forwarding.
An example of the simplified syntax is set pbf-map 1.1.1 .1 0-0-0 -0- 0-1 1 1 2 .2.2. 2 0-0-0- 0- 0-2 12 .
The above example is equivalent to all of the followin g PBF commands, which were released pr ior to 7.4:
set security acl adjacency PBF_MAP_ADJ_0 11 0-0-0-0-0-1
set security acl adjacency PBF_MAP_ADJ_1 12 0-0-0-0-0-2
commit security acl adjacency
set security acl ip PBF_MAP_ACL_11 redirect PBF_MAP_ADJ_1 ip host 1.1.1.1 host 2. 2.2 .2
set security acl ip PBF_MAP_ACL_12 redirect PBF_MAP_ADJ_0 ip host 2.2.2.2 host 1. 1.1 .1
If the permit ip any any ACE is missing, the following two entries are added:
set security acl ip PBF_MAP_ACL_11 permit ip any any
set security acl ip PBF_MAP_ACL_12 permit ip any any
commit security acl ip PBF_MAP_ACL_11
ip_addr_1 IP address of host 1.
mac_addr_1 MAC address of host 1.
vlan_1 Number of the first VLAN.
ip_addr_2 IP address of host 2.
mac_addr_2 MAC address of host 2.
vlan_2 Number of the second VLAN.
client_list Client list name.
gw_name Gateway name.