Cisco 7609 User Manual

572 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Page #338 background image

Loading...

Page #338 background image

23-16

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

78-14064-04

Chapter 23 Configuring Network Security

Configuring VLAN ACLs

This example shows how to define and apply a VLAN access map to forward IP packets. In this example,

IP traffic matching net_10 is forwarded and all other IP packets are dropped due to the default drop

action. The map is applied to VLAN 12 to 16.

Router(config)# vlan access-map thor 10

Router(config-access-map)# match ip address net_10

Router(config-access-map)# action forward

Router(config-access-map)# exit

Router(config)# vlan filter thor vlan-list 12-16

This example shows how to define and apply a VLAN access map to drop and log IP packets. In this

example, IP traffic matching net_10 is dropped and logged and all other IP packets are forwarded:

Router(config)# vlan access-map ganymede 10

Router(config-access-map)# match ip address net_10

Router(config-access-map)# action drop log

Router(config-access-map)# exit

Router(config)# vlan access-map ganymede 20

Router(config-access-map)# match ip address any_host

Router(config-access-map)# action forward

Router(config-access-map)# exit

Router(config)# vlan filter ganymede vlan-list 7-9

This example shows how to define and apply a VLAN access map to forward and capture IP packets. In

this example, IP traffic matching net_10 is forwarded and captured and all other IP packets are dropped:

Router(config)# vlan access-map mordred 10

Router(config-access-map)# match ip address net_10

Router(config-access-map)# action forward capture

Router(config-access-map)# exit

Router(config)# vlan filter mordred vlan-list 2, 4-6

Configuring a Capture Port

A port configured to capture VACL-filtered traffic is called a capture port.

Note To apply IEEE 802.1Q or ISL tags to the captured traffic, configure the capture port to trunk

unconditionally (see the “Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk” section

on page 7-8 and the “Configuring the Layer 2 Trunk Not to Use DTP” section on page 7-9).

To configure a capture port, perform this task:

Command Purpose

Step 1

Router(config)# interface {{type

1

slot/port}

1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

Specifies the interface to configure.

Step 2

Router(config-if)# switchport capture allowed

vlan {add | all | except | remove} vlan_list

(Optional) With Release 12.1(13)E and later releases,

filters the captured traffic on a per-destination-VLAN

basis. The default is all.

Router(config-if)# no switchport capture allowed

vlan

Clears the configured destination VLAN list and returns

to the default value (all).

Step 3

Router(config-if)# switchport capture

Configures the port to capture VACL-filtered traffic.

Router(config-if)# no switchport capture

Disables the capture function on the interface.

Table of Contents

Other manuals for Cisco 7609

Datasheet5 pages

Frequently Asked Questions5 pages

Installing22 pages

Questions and Answers:

R
Rebecca AdkinsJul 27, 2025
How to configure IP-MLS debugging on a Cisco 7609?
- H
  Heidi BriggsJul 27, 2025
  To configure IP-MLS debugging on your Cisco Network Router, use the following command: `Router# debugging mls {ip {all | error | events | messages | multicast} | rp {all | error| events | ip | locator | packets | verbose}}`.
V
Valerie PittmanAug 8, 2025
How to disable IP-MLS debugging on a Cisco 7609?
- P
  petersonmatthewAug 8, 2025
  To disable IP-MLS debugging on your Cisco Network Router, use the command: `Router# {no debugging | undebug} {all | {mls {ip {all | error | events | messages | multicast} | rp {all | error| events | ip | locator | packets | verbose}}}}`.

Cisco 7609 Specifications

General

Chassis Slots	9
Switch Fabric Capacity	720 Gbps
Power Supply Options	AC or DC
Product Type	Router
Form Factor	Rack-mountable
Supported Line Cards	Various Cisco 7600 Series line cards
Operating System	Cisco IOS
Management	CLI, SNMP
Forwarding Performance	400 Mpps
Maximum Power Consumption	4000 Watts
Redundancy	Yes
Interfaces/Ports	Various, depending on line cards installed

Summary

Product Overview

Configuring Embedded CiscoView Support

Describes the Embedded CiscoView support available with Release 12.1(20)E and later releases.

Command-Line Interfaces

Accessing the CLI

Describes accessing the CLI through the EIA/TIA-232 Console Interface and Telnet.

Configuring the Cisco 7600 Series Router for the First Time

Default Configuration

Shows the default configuration for the Cisco 7600 Series Router.

Configuring EHSA Supervisor Engine Redundancy

Supervisor Engine Redundant Operation

Describes how EHSA redundant operation works.

Configuring RPR and RPR+ Supervisor Engine Redundancy

Understanding Supervisor Engine Redundancy

Describes supervisor engine redundancy.

Configuring Interfaces

Understanding Interface Configuration

Explains how to configure interfaces on a per-interface basis.

Configuring LAN Ports for Layer 2 Switching

Understanding How Layer 2 Switching Works

Describes how Layer 2 switching works on Cisco 7600 series routers.

Configuring VTP

Understanding How VTP Works

Explains VTP as a Layer 2 messaging protocol that maintains VLAN configuration consistency.

Configuring VLANs

Understanding How VLANs Work

Describes how VLANs work on Cisco 7600 series routers.

Configuring Private VLANs

Understanding How Private VLANs Work

Describes how private VLANs work and their port types.

Configuring Cisco IP Phone Support

Understanding Cisco IP Phone Support

Describes Cisco IP Phone support, connections, voice, data, and power configurations.

Configuring Layer 3 Interfaces

Configuring IP Routing and Addresses

Provides information on configuring Layer 3 interfaces and IP addresses.

Configuring EtherChannels

Understanding How EtherChannels Work

Describes how EtherChannels work, including bundling individual Ethernet links.

Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling

Understanding How 802.1Q Tunneling Works

Explains how 802.1Q tunneling enables service providers to support customer VLANs while preserving IDs.

Configuring STP and IEEE 802.1s MST

Understanding How STP Works

Describes how STP works, providing path redundancy and preventing loops.

Configuring Optional STP Features

Understanding How PortFast Works

Explains STP PortFast, which allows Layer 2 LAN interfaces to enter forwarding state immediately.

Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2

Understanding How Layer 3 Switching Works

Describes Layer 3 switching with PFC2 and DFCs.

Configuring IP Multicast Layer 3 Switching

Understanding How IP Multicast Layer 3 Switching Works

Describes how IP multicast Layer 3 switching works.

Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1

Understanding How IP MLS Works

Describes how IP MLS works.

Configuring IPX Unicast Layer 3 Switching on Supervisor Engine 1

Understanding How IPX MLS Works

Describes how IPX MLS works.

Configuring IGMP Snooping

Understanding How IGMP Snooping Works

Describes how IGMP snooping works.

Configuring RGMP

Understanding How RGMP Works

Describes how RGMP works.

Configuring Network Security

ACL Configuration Guidelines

Provides guidelines for Access Control List (ACL) configurations.

Configuring Denial of Service Protection

DoS Protection Overview

Explains the DoS protection available on the Cisco 7600 series router.

Configuring IEEE 802.1X Port-Based Authentication

Understanding 802.1X Port-Based Authentication

Describes the IEEE 802.1X port-based authentication protocol.

Configuring Port Security

Understanding Port Security

Describes the port security feature to restrict input to an interface.

Configuring Layer 3 Protocol Filtering on Supervisor Engine 1

Understanding How Layer 3 Protocol Filtering Works

Explains how Layer 3 protocol filtering prevents specific Layer 3 protocol packets.

Configuring Traffic Storm Control

Understanding Traffic Storm Control

Describes how traffic storm control prevents LAN ports from disruption by storms.

Configuring Broadcast Suppression

Understanding How Broadcast Suppression Works

Describes how broadcast suppression prevents LAN interfaces from disruption.

Configuring CDP

Understanding How CDP Works

Describes CDP as a protocol that runs over Layer 2.

Configuring UDLD

Understanding How UDLD Works

Describes how UDLD works.

Configuring PFC QoS

Understanding How PFC QoS Works

Describes how PFC QoS works.

Configuring NDE

Understanding How NDE Works

Describes how NetFlow Data Export (NDE) works.

Configuring Local SPAN and RSPAN

Understanding How Local SPAN and RSPAN Work

Describes how local SPAN and RSPAN work.

Configuring Web Cache Services Using WCCP

Understanding WCCP

Describes the Web Cache Communication Protocol (WCCP).

Configuring SNMP IfIndex Persistence

Understanding SNMP IfIndex Persistence

Describes the SNMP ifIndex persistence feature.

Configuring the Switch Fabric Module

Understanding How the Switch Fabric Module Works

Describes how the Switch Fabric Module works.

Power Management and Environmental Monitoring

Understanding How Power Management Works

Describes the power management features.

Appendix A Acronyms

Related product manuals

Preview: Cisco 7604

Preview: Cisco 7606-S

Preview: Cisco 7600 Series

Cisco 7600 Series

Preview: 7600-SIP-400 - SPA Interface Processor 400

7600-SIP-400 - SPA Interface Processor 400

Preview: Cisco 700 series

Cisco 700 series

Preview: Cisco 7200 Series

Cisco 7200 Series

Cisco A9K-SIP-700

Preview: Cisco 7206 - VXR Router

Cisco 7206 - VXR Router

Preview: Cisco 7246VXR - uBR Router

Cisco 7246VXR - uBR Router

7206VXR - VPN Bundle Router

WS-SUP720-3B - Supervisor Engine 720