• For quality of service, ACL, or TCAM carving configuration on Cisco Nexus 3600 platform switches, see the Cisco Nexus 3600 NX-OS Quality of Service Configuration Guide, Release 7.x for more information.
Carving a TCAM Region
Before configuring system ACLs, carve the TCAM region. For ACLs smaller than 1k, you do not need to carve the TCAM region. See the Configuring ACL TCAM Region Sizes section for more information.
Note: Beginning with Cisco NX-OS Release 7.0(3)F3(4) or a later release, you can configure PACL IPv4, RACL IPv4, and RACL IPv6 beyond 12k.
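A pre-check for the carving rule above, as an added example that is not from the Cisco guide: it counts the entries in each ACL of a configuration and lists the ACLs that reach 1k and so need the TCAM region carved before they are applied as a system ACL. The 1000-entry threshold, counting one numbered line as one entry, and the PACL-BIG and interface lines in the sample are assumptions made for illustration.

```python
import re

# Assumptions (not from the guide): "1k" is taken as 1000 entries, and every
# numbered permit/deny line counts as one entry. Real TCAM usage can differ.
CARVE_THRESHOLD = 1000

ACL_HEADER = re.compile(r"^\s*(?:ip|ipv6)\s+access-list\s+(\S+)\s*$")
ACE_LINE = re.compile(r"^\s*\d+\s+(?:permit|deny)\b")
REMARK_LINE = re.compile(r"^\s*\d+\s+remark\b")


def count_aces(config_text):
    """Return {acl_name: entry_count} for each 'ip access-list' block."""
    counts, current = {}, None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            counts.setdefault(current, 0)
        elif current and ACE_LINE.match(line):
            counts[current] += 1
        elif not line.strip() or REMARK_LINE.match(line):
            continue  # blank lines and remarks do not end the ACL block
        else:
            current = None  # any other command closes the ACL block
    return counts


def acls_needing_carve(config_text, threshold=CARVE_THRESHOLD):
    """Names of ACLs at or above the threshold, i.e. carve TCAM first."""
    return sorted(n for n, c in count_aces(config_text).items() if c >= threshold)


# Constructed sample: the page's PACL-DNA entries plus a generated large ACL.
SAMPLE_CONFIG = "\n".join(
    [
        "config t",
        "ip access-list PACL-DNA",
        "10 permit ip 1.1.1.1/32 any",
        "20 permit tcp 3.0.0.0/8 255.0.0.0 eq 1500",
        "ip access-list PACL-BIG",
    ]
    + [f"{10 * i} permit ip 10.{i // 256}.{i % 256}.0/24 any" for i in range(1, 1201)]
    + ["interface ethernet 1/1", "10 permit ip any any"]
)

if __name__ == "__main__":
    for name, n in count_aces(SAMPLE_CONFIG).items():
        state = "carve TCAM first" if n >= CARVE_THRESHOLD else "default TCAM is enough"
        print(f"{name}: {n} entries -> {state}")
```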
Configuring System ACLs
After an IPv4 ACL is created, configure the system ACL.
Before You Begin
Create an IPv4 ACL on the device. See Creating an IP ACL, on page 81 for more information.
Procedure
Step 1
  Command or Action: config t
  Purpose: Enters the configuration mode.
Step 2
  Command or Action: system acl
  Purpose: Configures the system ACL.
Step 3
  Command or Action: ip port access-group <pacl name> in
  Purpose: Applies a Layer 2 PACL to the interface. Only inbound filtering is supported with port ACLs. You can apply one port ACL to an interface.
Configuration and Show Command Examples for the System ACLs
See the following configuration examples for the system ACL show commands.
Configuring system PACL with 1K scale [using default TCAM]
See the following example for configuring system PACL with 1K scale [Using default TCAM].
Step 1: Create PACL.
config t
ip access-list PACL-DNA
10 permit ip 1.1.1.1/32 any
20 permit tcp 3.0.0.0/8 255.0.0.0 eq 1500
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring IP ACLs