Send documentation comments to mdsfeedback-doc@cisco.com
42-8
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 42 Configuring IPv4 and IPv6 Access Control Lists
Creating IPv4-ACLs or IPv6-ACLs with the IP-ACL Wizard
Figure 42-5 Create IP Filter Dialog Box
Step 7 Choose either permit or deny for the Action and set the IP Number in the Protocol field. The drop-down
menu provides common filtered protocols.
Step 8 Set the source IP address you want this filter to match against and the wildcard mask, or check the any
check box to match this filter against any IP address.
This creates an IP filter that will check the source IP address of frames.
Note The wildcard mask denotes a subset of the IP address you want to match against. This allows a
range of addresses to match against this filter.
Step 9 Set the transport layer source port range if the protocol chosen is TCP or UDP.
Step 10 Repeat Step 8 and Step 9 for the destination IP address and port range.
This creates an IP filter that will check the destination IP address of frames.
Step 11 Set the ToS, ICMPType, and ICMPCode fields as appropriate.
Step 12 Check the TCPEstablished check box if you want to match TCP connections with
ACK,FIN,PSH,RST,SYN or URG control bits set.
Step 13 Check the LogEnabled check box if you want to log all frames that match this IP filter.
Step 14 Click Create to create this IP filter and add it to your IP-ACL.
Removing IP Filters from an Existing IPv4-ACL or IPv6-ACL
To remove configured entries from an IPv4-ACL or an IPv6-ACL using Device Manager, follow these
steps:
Step 1 Choose Security > IP ACLs.
You see the IP-ACL dialog box (seeFigure 42-2).
To Next Page
Loading...
Need help?
General
