16-56
Catalyst 6000 Family Software Configuration Guide—Releases 6.3 and 6.4
78-13315-02
Chapter 16 Configuring Access Control
Configuring Policy-Based Forwarding
Figure 16-9 Policy-Based Forwarding Configuration Example
This example shows the switch configuration file that was created to enable PBF between the hosts on
VLAN 1 and VLAN 2. Only the first four hosts from each VLAN are shown in the example (44.0.0.1
through 44.0.0.4 and 43.0.0.1 through 43.0.0.4).
#security ACLs
clear security acl all
#adj set
set security acl adjacency a_1 2 00-0a-0a-0a-0a-0a
set security acl adjacency a_2 2 00-0a-0a-0a-0a-0b
set security acl adjacency a_3 2 00-0a-0a-0a-0a-0c
set security acl adjacency a_4 2 00-0a-0a-0a-0a-0d
set security acl adjacency b_1 1 00-20-20-20-20-20
set security acl adjacency b_2 1 00-20-20-20-20-21
set security acl adjacency b_3 1 00-20-20-20-20-22
set security acl adjacency b_4 1 00-20-20-20-20-23
#ip1
set security acl ip ip1 permit arp
set security acl ip ip1 redirect a_1 ip host 44.0.0.1 host 43.0.0.1
set security acl ip ip1 redirect a_2 ip host 44.0.0.2 host 43.0.0.2
set security acl ip ip1 redirect a_3 ip host 44.0.0.3 host 43.0.0.3
set security acl ip ip1 redirect a_4 ip host 44.0.0.4 host 43.0.0.4
set security acl ip ip1 permit ip any any
#ip2
set security acl ip ip2 permit arp
set security acl ip ip2 redirect b_1 ip host 43.0.0.1 host 44.0.0.1
set security acl ip ip2 redirect b_2 ip host 43.0.0.2 host 44.0.0.2
set security acl ip ip2 redirect b_3 ip host 43.0.0.3 host 44.0.0.3
set security acl ip ip2 redirect b_4 ip host 43.0.0.4 host 44.0.0.4
set security acl ip ip2 permit ip any any
#pbf set
set pbf mac 00-11-22-33-44-55
#
commit security acl all
set security acl map ip1 1
set security acl map ip2 2
VLAN 1 Hosts
IP: 44.0.0.1 - 44.0.0.17
MAC:00-20-20-20-20-20 -
Interface: Port 4/1
6/17
6/9
00:20:20:20:20:2f
VLAN 2 Hosts
IP: 43.0.0.1 - 43.0.0.17
MAC:00-0a-0a-0a-0a-0a -
Interface: Port 4/2
00:0a:0a:0a:0a:19
VLAN 2
VLAN 1
PFC2 MAC address:
00-11-22-33-44-55
Catalyst 6500 series switches
58974
