Send documentation comments to mdsfeedback-doc@cisco.com
42-2
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 42 Configuring IPv4 and IPv6 Access Control Lists
IPv4-ACL and IPv6-ACL Configuration Guidelines
IPv4-ACL and IPv6-ACL Configuration Guidelines
Follow these guidelines when configuring IPv4-ACLs or IPv6-ACLs in any switch or director in the
Cisco MDS 9000 Family:
• You can apply IPv4-ACLs or IPv6-ACLs to VSAN interfaces, the management interface, Gigabit
Ethernet interfaces on IPS modules and MPS-14/2 modules, and Ethernet PortChannel interfaces.
Tip If IPv4-ACLs or IPv6-ACLs are already configured in a Gigabit Ethernet interface, you cannot
add this interface to an Ethernet PortChannel group. See the
“Gigabit Ethernet IPv4-ACL
Guidelines” section on page 53-6 for guidelines on configuring IPv4-ACLs.
Caution Do not apply IPv4-ACLs or IPv6-ACLs to only one member of a PortChannel group. Apply
IPv4-ACLs or IPv6-ACLs to the entire channel group.
• Configure the order of conditions accurately. As the IPv4-ACL or the IPv6-ACL filters are
sequentially applied to the IP flows, only the first match determines the action taken. Subsequent
matches are not considered. Be sure to configure the most important condition first. If no conditions
match, the software drops the packet.
• Configure explicit deny on the IP Storage Gigabit Ethernet ports to apply IP ACLs because implicit
deny does not take effect on these ports.
About Filter Contents
An IP filter contains rules for matching an IP packet based on the protocol, address, port, ICMP type,
and type of service (TS).
This section includes the following topics:
• Protocol Information, page 42-2
• Address Information, page 42-3
• Port Information, page 42-3
• ICMP Information, page 42-4
• ToS Information, page 42-5
Protocol Information
The protocol information is required in each filter. It identifies the name or number of an IP protocol.
You can specify the IP protocol in one of two ways:
• Specify an integer ranging from 0 to 255. This number represents the IP protocol.
• Specify the name of a protocol including, but not restricted to, Internet Protocol (IP), Transmission
Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol
(ICMP).
To Next Page
Loading...
Need help?
General
