Cisco Support Community

New Member

Cisco 4506 TrustSec question

Does anybody out there have a seed device configuration for a Cisco 4506 switch? The device in question is a 4506-E with a sup 7L-E. I've followed what I can find in the TrustSec documentation and can get the PAC provisioned, but it fails on sending the environment data.

Any help would be appreciated.

 

Thanks

Alan

2 REPLIES
Cisco Employee


Hi Alan,

Please make sure that you have configured the PAC according to the following:

• There can be at most one IPv4, one IPv6, and one MAC access list applied to the same Layer 2 interface per direction.
• The IPv4 access list filters only IPv4 packets, the IPv6 access list filters only IPv6 packets, and the MAC access list filters only non-IP packets.
• The number of ACLs and ACEs that can be configured as part of a PACL are bounded by the hardware resources on the switch. Those hardware resources are shared by various ACL features (for example, RACL, VACL) that are configured on the system. If insufficient hardware resources to program PACL exist in hardware, the actions for input and output PACLs differ:
  – For input PACLs, some packets are sent to CPU for software forwarding.
  – For output PACLs, the PACL is disabled on the port.
• If insufficient hardware resources exist to program the PACL, the output PACL is not applied to the port, and you receive a warning message.
• The input ACL logging option is supported, although logging is not supported for output ACLs.
• The access group mode can change the way PACLs interact with other ACLs. To maintain consistent behavior across Cisco platforms, use the default access group mode.
• If a PACL is removed when there are active sessions on a port, a hole (permit ip any any) is installed on the port.

For step by step configuration, please go through the following link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-5-0E/15-21E/configuration/guide/config.pdf

 

New Member


muhmunir

 

Thanks for the link - I'll go through that link and check it all out from there.

 

Regards

Alan
