Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual page 336

Catalyst 6000 series software configuration guide

Hide thumbs Also See for WS-X6066-SLB-APC - Content Switching Module:

Installation note (28 pages)

Table of Contents

Configuring VACLs

This example shows how to map my_cap to VLAN 10:

Console> (enable) set security acl map my_cap 10

Mapping in progress.

VLAN 10 successfully mapped to ACL my_cap.

The old mapping with ACL captest was replaced with the new one.

Console> (enable)

This example shows how to specify capture ports:

Console> (enable) set security acl capture-ports 1/1-2,2/1-2

Successfully set the following ports to capture ACL traffic:

Console> (enable)

This example shows how to display ports that have been specified as capture ports:

Console> (enable) show security acl capture-ports

ACL Capture Ports: 1/1-2,2/1-2

Console> (enable)

This example shows how to clear capture ports:

Console> (enable) clear security acl capture-ports 1/1,2/1

Successfully cleared the following ports:

Console> (enable)

This example shows that ports 1/1 and 2/1 were cleared:

Console> (enable) show security acl capture-ports

ACL Capture Ports:1/2,2/2

Console> (enable)

Configuring VACL Logging

This feature is only available with Supervisor Engine 2 with Layer 3 Switching Engine II (PFC2).

You can log messages about denied packets for the standard IP access list by entering the log keyword

for deny VACLs. That is, any packet that matches the access list will cause an informational logging

message about the packet to be sent to the console. The level of messages logged to the console is

controlled by the set logging level acl severity command.

The first packet that triggers the access list causes a logging message right away, and subsequent packets

are collected over 5-minute intervals before they are displayed or logged. The logging message includes

the flow pattern and number of packets received in the prior 5-minute interval.

By default, system logging messages are sent to the console. You can configure the switch to send

system logging messages to a syslog server. For information on configuring system message logging,

Configuration Guidelines

Follow these guidelines when configuring VACL logging:

Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4

Chapter 27, "Configuring System Message Logging."

Log only deny traffic from IP VACLs.

You must set the logging level to 6 (information) or 7 (debugging).

Configuring Access Control

Show Quick Links

Table of Contents

Troubleshooting

Cisco WS-X6066-SLB-APC - Content Switching Module Software Manual page 336

Hide quick links:

Troubleshooting

Related Manuals for Cisco WS-X6066-SLB-APC - Content Switching Module

Related Products for Cisco WS-X6066-SLB-APC - Content Switching Module

This manual is also suitable for:

Table of Contents