25 deny udp any any eq 500
26 deny tcp any eq 490 any
….. ….
1000 deny any any
Step 2: Apply the PACL at the system level.
configure terminal
system acl
ip port access-group PACL-DNA in
To validate the system ACLs that are configured on the switch, use the sh run aclmgr | sec system command:
switch# sh run aclmgr | sec system
system acl
ip port access-group test in
switch#
To validate the PACLs that are configured on the switch, use the sh ip access-lists <name> [summary] command:
switch# sh ip access-lists test
IP access list test
10 deny udp any any eq 27
20 permit ip 1.1.1.1/32 100.100.100.100/32
30 permit ip 1.2.1.1/32 100.100.100.100/32
40 permit ip 1.3.1.1/32 100.100.100.100/32
50 permit ip 1.4.1.1/32 100.100.100.100/32
60 permit ip 1.5.1.1/32 100.100.100.100/32
70 permit ip 1.6.1.1/32 100.100.100.100/32
80 permit ip 1.7.1.1/32 100.100.100.100/32
90 permit ip 1.8.1.1/32 100.100.100.100/32
switch# sh ip access-lists test summary
IPV4 ACL test
Total ACEs Configured: 12279
Configured on interfaces:
Active on interfaces:
- ingress
- ingress
switch#
To validate the IPv4 PACL (ifacl) TCAM region size, use the show hardware access-list tcam region command:
switch# show hardware access-list tcam region
*********************************WARNING********************************
*****************The output shows NFE tcam region info******************
***Please refer to 'show hardware access-list tcam template' for NFE2***
************************************************************************
IPV4 PACL [ifacl] size = 12280
IPV6 PACL [ipv6-ifacl] size = 0
MAC PACL [mac-ifacl] size = 0
IPV4 Port QoS [qos] size = 640
IPV6 Port QoS [ipv6-qos] size = 256
MAC Port QoS [mac-qos] size = 0
FEX IPV4 PACL [fex-ifacl] size = 0
FEX IPV6 PACL [fex-ipv6-ifacl] size = 0
FEX MAC PACL [fex-mac-ifacl] size = 0
FEX IPV4 Port QoS [fex-qos] size = 0
FEX IPV6 Port QoS [fex-ipv6-qos] size = 0
FEX MAC Port QoS [fex-mac-qos] size = 0
IPV4 VACL [vacl] size = 0
IPV6 VACL [ipv6-vacl] size = 0
MAC VACL [mac-vacl] size = 0
IPV4 VLAN QoS [vqos] size = 0
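The three show commands above are what an operator compares by hand: the ACL name bound under system acl, the ACE count and active direction from the summary, and the carved size of the ifacl region. The following Python script is an added example (not part of the Cisco guide or NX-OS) that automates that comparison over captured show output, so that a change-validation or compliance job can flag a system PACL that is bound to the wrong ACL, is not active in the ingress direction, or cannot fit into the ifacl TCAM region. The sample outputs are constructed from the figures on this page (ACL test, 12279 ACEs, ifacl size 12280); the function names and the exact line layout of the captured output are assumptions.

```python
import re

# Constructed sample outputs, modelled on the show commands documented on this
# page. The ACL name "test", the ACE count and the region sizes come from the
# page's examples; the indentation is an assumption about captured CLI output.
SHOW_RUN_ACLMGR_SYSTEM = """\
system acl
  ip port access-group test in
"""

SHOW_ACL_SUMMARY = """\
IPV4 ACL test
Total ACEs Configured: 12279
Configured on interfaces:
 - ingress
Active on interfaces:
 - ingress
"""

SHOW_TCAM_REGION = """\
IPV4 PACL [ifacl] size = 12280
IPV6 PACL [ipv6-ifacl] size = 0
MAC PACL [mac-ifacl] size = 0
IPV4 Port QoS [qos] size = 640
IPV6 Port QoS [ipv6-qos] size = 256
"""


def parse_system_pacl(run_text):
    """Return the ACL name bound by 'ip port access-group <name> in' under 'system acl', or None."""
    m = re.search(r"^\s*ip port access-group\s+(\S+)\s+in\s*$", run_text, re.MULTILINE)
    return m.group(1) if m else None


def parse_acl_summary(summary_text):
    """Return (acl_name, total_aces, active_ingress) from 'show ip access-lists <name> summary'."""
    name = re.search(r"^IPV4 ACL\s+(\S+)", summary_text, re.MULTILINE)
    count = re.search(r"Total ACEs Configured:\s*(\d+)", summary_text)
    # Only the interfaces listed after "Active on interfaces:" are actually enforcing.
    parts = summary_text.split("Active on interfaces:", 1)
    active = "ingress" in parts[1] if len(parts) == 2 else False
    return (
        name.group(1) if name else None,
        int(count.group(1)) if count else None,
        active,
    )


def parse_tcam_regions(tcam_text):
    """Map each bracketed TCAM region keyword (e.g. 'ifacl') to its carved size."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"\[([\w-]+)\]\s+size\s*=\s*(\d+)", tcam_text)}


def check_system_pacl(run_text, summary_text, tcam_text, expected_acl):
    """Return a list of findings; an empty list means the system PACL looks healthy."""
    findings = []
    applied = parse_system_pacl(run_text)
    if applied != expected_acl:
        findings.append(f"system acl applies {applied!r}, expected {expected_acl!r}")
    name, aces, active = parse_acl_summary(summary_text)
    if name != expected_acl:
        findings.append(f"summary is for ACL {name!r}, expected {expected_acl!r}")
    if not active:
        findings.append("ACL is not active in the ingress direction")
    ifacl = parse_tcam_regions(tcam_text).get("ifacl", 0)
    if ifacl == 0:
        findings.append("ifacl TCAM region is not carved (size 0); the PACL cannot be programmed")
    elif aces is not None and aces > ifacl:
        # Lower-bound check only: every ACE needs at least one TCAM entry, and
        # hardware may expand some ACEs (for example port ranges) into several.
        findings.append(f"{aces} ACEs exceed the ifacl region size of {ifacl}")
    return findings


if __name__ == "__main__":
    for finding in check_system_pacl(SHOW_RUN_ACLMGR_SYSTEM, SHOW_ACL_SUMMARY,
                                     SHOW_TCAM_REGION, "test") or ["system PACL OK"]:
        print(finding)
```

The capacity test is deliberately a lower bound: an ACL that fails it cannot be programmed, but one that passes may still exhaust the region once ACEs are expanded in hardware, so the show hardware access-list tcam region output should still be reviewed after a large ACL is applied.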
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
91
Configuring IP ACLs
Configuration and Show Command Examples for the System ACLs