Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set security acl map
To map an existing ACL to a port or to a VLAN or to enable ACL statistics, use the set security acl map
command.
set security acl map acl_name {mod/port | vlans} [statistics {enable | disable}]
Syntax Description
Defaults There are no default ACLs and no default ACL-to-VLAN mappings.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines When you use this command, the configurations are saved in NVRAM. This command does not require
that you enter the commit command. Each VLAN can be mapped to only one ACL of each type (IP, IPX,
and MAC). An ACL can be mapped to a VLAN only after you have committed the ACL.
When you enter the ACL name, follow these naming conventions:
Maximum of 32 characters long and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)
Must start with an alpha character and must be unique across all ACLs of all types
Case sensitive
Cannot be a number
Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Caution Use the copy command to save the ACL configuration to Flash memory.
You can map an ACL to a port even if the port is in VLAN-based PACL mode. In such cases, the
configuration is committed to NVRAM and is later restored to the hardware when the port is changed to
port-based or merge mode.
Note Mapping an ACL to a port is only available with a Supervisor Engine 720.
acl_name    Unique name that identifies the list to which the entry belongs.
mod/port    Number of the module and the port on the module.
vlans       Number of the VLANs to be mapped to the VACL; valid values are from 1 to 4094.
statistics  (Optional) Specifies ACL statistics on a per-VLAN basis.
enable      Enables ACL statistics on a per-VLAN basis.
disable     Disables ACL statistics on a per-VLAN basis.
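
An added example, not part of the Cisco documentation: a Python lint that checks `set security acl map` lines against the rules stated above (the ACL naming conventions, the 1 to 4094 VLAN range, mapping only committed ACLs, and one ACL of each type per VLAN). The comma and range VLAN list syntax, the caller-supplied `acl_types` table, and every function and variable name are assumptions of the example.

```python
import re
KEYWORDS = {"all", "default-action", "map", "help", "editbuffer"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]*\Z")
MAP_RE = re.compile(r"set security acl map (\S+) (\S+)(?: statistics (?:enable|disable))?\Z")
VLANS_RE = re.compile(r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*\Z")  # assumed VLAN list syntax

def name_problems(name):
    """Return the naming rules from this page that `name` breaks."""
    checks = [(len(name) > 32, "longer than 32 characters"),
              (not NAME_RE.match(name), "must start with a letter; allowed: a-z A-Z 0-9 - _ ."),
              (name in KEYWORDS, "reserved keyword")]
    return [msg for failed, msg in checks if failed]

def audit(lines, acl_types):
    """acl_types: committed ACL name -> 'ip' | 'ipx' | 'mac' (caller-supplied, assumed)."""
    findings, owner = [], {}
    for n, line in enumerate(lines, 1):
        if not (m := MAP_RE.match(line.strip())):
            continue  # not a map command
        name, target = m.groups()
        findings += [(n, f"{name}: {p}") for p in name_problems(name)]
        if name not in acl_types:
            findings.append((n, f"{name}: not a committed ACL"))
        elif re.fullmatch(r"\d+/\d+", target):
            continue  # mod/port mapping: the per-VLAN rules do not apply
        elif not VLANS_RE.match(target):
            findings.append((n, f"unrecognized target {target}"))
        else:
            for part in target.split(","):
                lo, _, hi = part.partition("-")
                lo, hi = int(lo), int(hi or lo)
                if not (1 <= lo <= hi <= 4094):
                    findings.append((n, f"invalid VLAN range {part} (valid: 1-4094)"))
                    continue
                for vlan in range(lo, hi + 1):
                    # One ACL per (VLAN, type); names are compared case-sensitively.
                    prev = owner.setdefault((vlan, acl_types[name]), name)
                    if prev != name:
                        findings.append((n, f"VLAN {vlan} already mapped to {prev}"))
    return findings

SAMPLE = [  # constructed input, not taken from a real switch
    "set security acl map WebFilter 10,20-22 statistics enable",
    "set security acl map web.filter2 21",   # second IP ACL on VLAN 21
    "set security acl map map 30",           # keyword used as a name
    "set security acl map MacGuard 21",      # MAC ACL on VLAN 21: allowed
    "set security acl map WebFilter 4095",   # VLAN out of range
    "set security acl map WebFilter 3/1",    # port mapping
]
TYPES = {"WebFilter": "ip", "web.filter2": "ip", "MacGuard": "mac"}
```

`audit(SAMPLE, TYPES)` returns `(line_number, message)` tuples; the MAC ACL on VLAN 21 produces no finding because the one-ACL limit applies per type.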