Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl ip
deny Blocks traffic from the source IP address.
src_ip_spec Source IP address and the source mask. See the “Usage Guidelines” section for
the format.
before editbuffer_index (Optional) Inserts the new ACE in front of another ACE.
modify editbuffer_index (Optional) Replaces an ACE with the new ACE.
log (Optional) Logs denied packets.
arp Specifies ARP.
dot1x-dhcp Specifies 802.1X authentication for the DHCP Relay Agent.
dhcp-snooping Specifies DHCP snooping.
redirect Specifies to which switched ports the packet is redirected.
adj_name Name of the adjacency table entry.
mod_num/port_num Number of the module and port.
protocol Keyword or number of an IP protocol; valid numbers are from 0 to 255
representing an IP protocol number. See the “Usage Guidelines” section for the
list of valid keywords.
dest_ip_spec Destination IP address and the destination mask. See the “Usage Guidelines”
section for the format.
precedence precedence (Optional) Specifies the precedence level; valid values are from 0 to 7 or by
name. See the “Usage Guidelines” section for a list of valid names.
tos tos (Optional) Specifies the type of service level; valid values are from 0 to 15 or
by name. See the “Usage Guidelines” section for a list of valid names.
fragment (Optional) Filters IP traffic that carries fragments.
capture (Optional) Specifies that packets are switched normally and captured; permit must
also be enabled.
ip (Optional) Matches any Internet Protocol packet.
icmp | 1 (Optional) Matches ICMP packets.
icmp-type (Optional) ICMP message type name or a number; valid values are from 0 to
255. See the “Usage Guidelines” section for a list of valid names.
icmp-code (Optional) ICMP message code name or a number; valid values are from 0 to
255. See the “Usage Guidelines” section for a list of valid names.
icmp-message (Optional) ICMP message type name or ICMP message type and code name.
See the “Usage Guidelines” section for a list of valid names.
tcp | 6 (Optional) Matches TCP packets.
operator (Optional) Operands; valid values include lt (less than), gt (greater than), eq
(equal), neq (not equal), and range (inclusive range).
port (Optional) Number or name of a TCP or UDP port; valid port numbers are from
0 to 65535. See the “Usage Guidelines” section for a list of valid names.
established (Optional) Specifies an established connection; used only for TCP protocol.
udp | 17 (Optional) Matches UDP packets.
arp-inspection Specifies ARP inspection.
host ip_addr Specifies the host and host’s IP address.
mac_addr Specifies the MAC address.