Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 33 Configuring Network Security with ACLs
Configuring PACLs
This example shows how to merge and apply features other than PACL on the interface:
Switch# configure t
Switch(config)# interface interface
Switch(config-if)# access-group mode prefer port
This example shows how to merge applicable ACL features before they are programmed into hardware:
Switch# configure t
Switch(config)# interface interface
Switch(config-if)# access-group mode merge
Applying ACLs to a Layer 2 Interface
To apply IP and MAC ACLs to a Layer 2 interface, perform one of these tasks:
Command                                                   Purpose
Switch(config-if)# ip access-group ip-acl {in | out}      Applies an IP ACL to the Layer 2 interface.
Switch(config-if)# mac access-group mac-acl {in | out}    Applies a MAC ACL to the Layer 2 interface.
Note: Supervisor Engines III and Supervisor Engine IV running on a Catalyst 4500 series switch support both input and output PACLs on an interface.
This example applies the extended named IP ACL simple-ip-acl to interface FastEthernet 6/1 ingress traffic:
Switch# configure t
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# ip access-group simple-ip-acl in
This example applies the extended named MAC ACL simple-mac-acl to interface FastEthernet 6/1 egress traffic:
Switch# configure t
Switch(config)# interface fastEthernet 6/1
Switch(config-if)# mac access-group simple-mac-acl out
Displaying an ACL Configuration on a Layer 2 Interface
To display information about an ACL configuration on Layer 2 interfaces, perform one of these tasks:
Command                                                      Purpose
Switch# show ip interface [interface-name]                   Shows the IP access group configuration on the interface.
Switch# show mac access-group interface [interface-name]     Shows the MAC access group configuration on the interface.
Switch# show access-group mode interface [interface-name]    Shows the access group mode configuration on the interface.
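The show commands above report one interface at a time. To review PACL coverage across a whole saved configuration, the following added example (not part of the Cisco guide) parses the ip access-group, mac access-group and access-group mode lines out of each interface stanza. The function names, the sample configuration and the audit policy in findings() are assumptions made for illustration.

```python
import re
# Constructed sample running-config fragment (not captured from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet6/1
 ip access-group simple-ip-acl in
 mac access-group simple-mac-acl out
 access-group mode prefer port
!
interface FastEthernet6/2
 access-group mode merge
!
interface FastEthernet6/3
 ip access-group simple-ip-acl in
!
"""

ACL_RE = re.compile(r"^(ip|mac) access-group (\S+) (in|out)$")
MODE_RE = re.compile(r"^access-group mode (prefer port|prefer vlan|merge)$")

def parse_pacls(config_text):
    """Map interface name -> {"acls": {(type, direction): acl_name}, "mode": str or None}."""
    result, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = result.setdefault(raw.split(None, 1)[1].strip(), {"acls": {}, "mode": None})
        elif not raw.startswith(" "):
            current = None  # any other non-indented line ends the interface stanza
        elif current is not None:
            line = raw.strip()
            acl, mode = ACL_RE.match(line), MODE_RE.match(line)
            if acl:
                current["acls"][(acl.group(1), acl.group(3))] = acl.group(2)
            elif mode:
                current["mode"] = mode.group(1)
    return result

def findings(parsed):
    """Hypothetical audit policy: flag ports without a PACL or without an explicit mode."""
    out = []
    for name, info in sorted(parsed.items()):
        if not info["acls"]:
            out.append((name, "no PACL applied"))
        elif info["mode"] is None:
            out.append((name, "PACL applied, access-group mode not set explicitly"))
    return out

if __name__ == "__main__":
    for name, issue in findings(parse_pacls(SAMPLE_CONFIG)):
        print(f"{name}: {issue}")
```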