Chapter 15
Configuring Access Control
Note: You can configure a maximum of 256 adjacency table entries for a VLAN. The maximum number of
adjacency table entries is 1023.
Note: To enable jumbo frame forwarding using PBF, enter the mtu keyword in the set security acl adjacency
command.
The order of entries in a PBF VACL is important. The adjacency table entry has to be defined in the VACL
before the redirect ACE because the redirect ACE uses it to redirect the traffic. You should create entries for
PBF VACLs in the following order:
1. Specify the adjacency table entry.
2. Specify the redirect ACE in the PBF VACL that is using the adjacency table entry.
3. Commit the adjacency table entry.
4. Commit the PBF VACL.
5. Map the PBF VACL to a single VLAN or multiple VLANs.
Tip: You can combine Steps 3 and 4 by entering the commit security acl all command.
Note: The same adjacency table entry can be used by more than one redirect ACE.
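The ordering rules and adjacency limits above can be checked before a change is pasted into the switch. The following is an added example, not part of the Cisco guide: lint_pbf and the GOOD/BAD lists are hypothetical names with constructed input, the mapping step uses the CatOS set security acl map command (not shown in this section), and counting the 256-entry limit per destination VLAN is an assumption.

```python
from collections import Counter

MAX_PER_VLAN, MAX_TOTAL = 256, 1023  # adjacency limits stated in the note above

def lint_pbf(commands):
    """Check CatOS commands against the PBF VACL entry order; return a list of problems."""
    adj, adj_done = {}, set()      # adjacency name -> dest VLAN; committed adjacencies
    acl_adj, acl_done = {}, set()  # ACL -> adjacencies its redirect ACEs use; committed ACLs
    mapped, problems = set(), []
    for n, cmd in enumerate(commands, 1):
        t = cmd.split()
        if t[:4] == ["set", "security", "acl", "adjacency"] and len(t) >= 7:
            adj[t[4]] = t[5]
            adj_done.discard(t[4])          # edited again: needs a new commit
        elif t[:4] == ["set", "security", "acl", "ip"] and t[5:6] == ["redirect"] and len(t) >= 7:
            if t[6] not in adj:
                problems.append(f"line {n}: {t[4]} redirects to undefined adjacency {t[6]}")
            acl_adj.setdefault(t[4], set()).add(t[6])
            acl_done.discard(t[4])
        elif t[:4] == ["set", "security", "acl", "map"] and len(t) >= 6:
            if t[4] in acl_adj and t[4] not in acl_done:
                problems.append(f"line {n}: {t[4]} mapped before it was committed")
            mapped.add(t[4])
        elif t[:3] == ["commit", "security", "acl"] and len(t) == 4:
            if t[3] in ("adjacency", "all"):
                adj_done |= set(adj)
            if t[3] != "adjacency":
                for acl in (set(acl_adj) if t[3] == "all" else {t[3]}):
                    for name in sorted(acl_adj.get(acl, set()) - adj_done):
                        problems.append(f"line {n}: {acl} committed before adjacency {name}")
                    acl_done.add(acl)
    problems += [f"{acl}: PBF VACL never mapped to a VLAN" for acl in sorted(set(acl_adj) - mapped)]
    if len(adj) > MAX_TOTAL:
        problems.append(f"{len(adj)} adjacency entries exceed the table limit of {MAX_TOTAL}")
    problems += [f"VLAN {v}: {c} adjacency entries exceed the limit of {MAX_PER_VLAN}"
                 for v, c in Counter(adj.values()).items() if c > MAX_PER_VLAN]
    return problems

# Constructed input: the commands from this section plus a mapping step (assumed VLAN 10).
GOOD = ["set security acl adjacency ADJ1 11 00-00-00-00-00-0B",
        "set security acl ip IPACL1 redirect ADJ1 ip host 10.0.0.1 host 11.0.0.1",
        "set security acl ip IPACL1 permit any",
        "commit security acl adjacency",
        "commit security acl IPACL1",
        "set security acl map IPACL1 10"]
BAD = [GOOD[1], GOOD[0], GOOD[2], GOOD[4], GOOD[3]]  # reordered, mapping step missing

if __name__ == "__main__":
    for problem in lint_pbf(BAD):
        print(problem)
```

The check reads only the set security acl and commit security acl lines, so it can be run over a saved change script that also contains other commands.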
To specify an adjacency table entry for the PFC2 or PFC3A/PFC3B/PFC3BXL, perform this task in
privileged mode:
Task: Specify an adjacency table entry for the PFC2 or PFC3A/PFC3B/PFC3BXL.
Command: set security acl adjacency adjacency_name dest_vlan dest_mac [[source_mac] | [source_mac mtu mtu_size] | [mtu mtu_size]]
This example shows how to specify the adjacency table entry:
Console> (enable) set security acl adjacency ADJ1 11 00-00-00-00-00-0B
ADJ1 editbuffer modified. Use 'commit' command to apply changes.
Console> (enable)
This example shows how to create the PBF VACL for VLAN 10 (see Figure 15-10):
Console> (enable) set security acl adjacency ADJ1 11 00-00-00-00-00-0B
ADJ1 editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) set security acl ip IPACL1 redirect ADJ1 ip host 10.0.0.1 host 11.0.0.1
IPACL1 editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) set security acl ip IPACL1 permit any
IPACL1 editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) commit security acl adjacency
Commit operation in progress.
Adjacency successfully committed.
Console> (enable) commit security acl IPACL1
ACL commit in progress.
OL-8978-04
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
Configuring Policy-Based Forwarding