Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
To create a new entry in a standard IP VACL and append the new entry at the end of the VACL, use the set security acl ip command.
set security acl ip {acl_name} {permit | deny} {src_ip_spec} [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} [permit | deny] arp
set security acl ip {acl_name} permit dot1x-dhcp [before edit_buffer | modify edit_buffer]
set security acl ip {acl_name} permit dhcp-snooping {before editbuffer_index | modify editbuffer_index}
set security acl ip {acl_name} {permit | deny | redirect {adj_name | mod_num/port_num}} {protocol} {src_ip_spec} {dest_ip_spec} [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [ip] {src_ip_spec | group group_name} {dest_ip_spec | group group_name} [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [icmp | 1] {src_ip_spec} {dest_ip_spec} [icmp_type] [icmp_code] | [icmp_message] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [tcp | 6] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [established] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny | redirect {mod_num/port_num}} [udp | 17] {src_ip_spec} [operator port [port]] {dest_ip_spec} [operator port [port]] [precedence precedence] [tos tos] [fragment] [capture] [before editbuffer_index | modify editbuffer_index] [log]
set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr} {mac_addr | any [log]}
set security acl ip {acl_name} {permit | deny} arp-inspection any any [log] [before edit_buffer | modify edit_buffer]
set security acl ip {acl_name} {permit | deny} arp-inspection {host ip_addr} {ip_mask} any [log]
set security acl ip {acl_name} permit any
Syntax Description
acl_name    Unique name that identifies the lists to which the entry belongs.
permit      Allows traffic from the source IP address.