
Cisco Nexus 3600 NX-OS - Page 105

Cisco Nexus 3600 NX-OS
154 pages
25 deny udp any any eq 500
26 deny tcp any eq 490 any
...
1000 deny any any
Step 2: Apply the PACL at the system level.
configure terminal
system acl
ip port access-group PACL-DNA in
To validate the system ACLs that are configured on the switch, use the sh run aclmgr | sec system command:
switch# sh run aclmgr | sec system
system acl
ip port access-group test in
switch#
To validate the PACLs that are configured on the switch, use the sh ip access-lists <name> [summary] command:
switch# sh ip access-lists test
IP access list test
10 deny udp any any eq 27
20 permit ip 1.1.1.1/32 100.100.100.100/32
30 permit ip 1.2.1.1/32 100.100.100.100/32
40 permit ip 1.3.1.1/32 100.100.100.100/32
50 permit ip 1.4.1.1/32 100.100.100.100/32
60 permit ip 1.5.1.1/32 100.100.100.100/32
70 permit ip 1.6.1.1/32 100.100.100.100/32
80 permit ip 1.7.1.1/32 100.100.100.100/32
90 permit ip 1.8.1.1/32 100.100.100.100/32
switch# sh ip access-lists test summary
IPV4 ACL test
Total ACEs Configured: 12279
Configured on interfaces:
Active on interfaces:
- ingress
- ingress
switch#
To validate PACL IPv4 (ifacl) TCAM region size, use the show hardware access-list tcam region command:
switch# show hardware access-list tcam region
*********************************WARNING********************************
*****************The output shows NFE tcam region info******************
***Please refer to 'show hardware access-list tcam template' for NFE2***
************************************************************************
IPV4 PACL [ifacl] size = 12280
IPV6 PACL [ipv6-ifacl] size = 0
MAC PACL [mac-ifacl] size = 0
IPV4 Port QoS [qos] size = 640
IPV6 Port QoS [ipv6-qos] size = 256
MAC Port QoS [mac-qos] size = 0
FEX IPV4 PACL [fex-ifacl] size = 0
FEX IPV6 PACL [fex-ipv6-ifacl] size = 0
FEX MAC PACL [fex-mac-ifacl] size = 0
FEX IPV4 Port QoS [fex-qos] size = 0
FEX IPV6 Port QoS [fex-ipv6-qos] size = 0
FEX MAC Port QoS [fex-mac-qos] size = 0
IPV4 VACL [vacl] size = 0
IPV6 VACL [ipv6-vacl] size = 0
MAC VACL [mac-vacl] size = 0
IPV4 VLAN QoS [vqos] size = 0
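The three validation commands above can be cross-checked together. The following is an added example, not part of the Cisco guide: it parses saved output of those commands and reports whether the ACL applied under system acl is the one summarized and whether its ACE count fits the IPv4 PACL (ifacl) TCAM region. The sample strings are constructed from the output on this page, the function names are hypothetical, and the rule that every ACE needs at least one ifacl entry is an assumption.

```python
import re

# Constructed sample input: excerpts of the command output shown on this page.
RUN_ACLMGR = "system acl\n  ip port access-group test in\n"
ACL_SUMMARY = "IPV4 ACL test\nTotal ACEs Configured: 12279\n"
TCAM_REGION = ("IPV4 PACL [ifacl] size = 12280\n"
               "IPV6 PACL [ipv6-ifacl] size = 0\n"
               "IPV4 Port QoS [qos] size = 640\n")

def system_acl(run_cfg):
    """Return (name, direction) of the PACL under 'system acl', or None."""
    in_system = False
    for line in run_cfg.splitlines():
        if line.strip() == "system acl":
            in_system = True
        elif in_system:
            m = re.match(r"\s*ip port access-group (\S+) (\S+)\s*$", line)
            if m:
                return m.group(1), m.group(2)
    return None

def acl_summary(text):
    """Return (acl_name, ace_count) from 'sh ip access-lists <name> summary'."""
    name = re.search(r"^IPV4 ACL (\S+)", text, re.M)
    total = re.search(r"^Total ACEs Configured:\s*(\d+)", text, re.M)
    return (name.group(1), int(total.group(1))) if name and total else None

def tcam_regions(text):
    """Map each region keyword (for example 'ifacl') to its size."""
    return {k: int(v) for k, v in re.findall(r"\[([\w-]+)\]\s+size\s*=\s*(\d+)", text)}

def check(run_cfg, summary_out, tcam_out, region="ifacl"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    applied, summ = system_acl(run_cfg), acl_summary(summary_out)
    size = tcam_regions(tcam_out).get(region)
    if applied is None:
        findings.append("no PACL applied under 'system acl'")
    elif summ is None or summ[0] != applied[0]:
        findings.append(f"summary output is not for applied ACL '{applied[0]}'")
    if size is None:
        findings.append(f"TCAM region '{region}' not found")
    elif summ and summ[1] > size:  # assumption: at least one entry per ACE
        findings.append(f"{summ[1]} ACEs exceed {region} size {size}")
    return findings

if __name__ == "__main__":
    print(check(RUN_ACLMGR, ACL_SUMMARY, TCAM_REGION) or "checks passed")
```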
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring IP ACLs
Configuration and Show Command Examples for the System ACLs
