
Cisco Nexus 3600 NX-OS - CHAPTER 7 Configuring IP ACLs

CHAPTER 7
Configuring IP ACLs
This chapter describes how to configure IP access control lists (ACLs) on Cisco NX-OS devices.
Unless otherwise specified, the term IP ACL refers to IPv4 and IPv6 ACLs.
Information About ACLs
ACL TCAM Regions
Licensing Requirements for ACLs
Prerequisites for ACLs
Guidelines and Limitations for ACLs
Default ACL Settings
ACL Logging
Configuring IP ACLs
About System ACLs
Configuring ACL Logging
Configuring ACL TCAM Region Sizes
Configuring ACLs on Virtual Terminal Lines
Information About ACLs
An access control list (ACL) is an ordered set of rules that you can use to filter traffic. Each rule specifies a
set of conditions that a packet must satisfy to match the rule. When the switch determines that an ACL applies
to a packet, it tests the packet against the conditions of all rules. The first match determines whether the packet
is permitted or denied. If there is no match, the switch applies the applicable default rule. The switch continues
processing packets that are permitted and drops packets that are denied.
You can use ACLs to protect networks and specific hosts from unnecessary or unwanted traffic. For example,
you could use ACLs to disallow HTTP traffic from a high-security network to the Internet. You could also
use ACLs to allow HTTP traffic but only to specific sites, using the IP address of the site to identify it in an
IP ACL.
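The first-match behavior described above, modeled as an added Python example (not code from the Cisco guide or from NX-OS). It uses the HTTP scenario from the text and shows how placing a broad deny ahead of a specific permit changes the result. The addresses, the Rule and Packet types, and the use of deny as the default rule are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    seq: int                      # sequence number; lower values are tested first
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", or "ip" (any protocol)
    src: str                      # source prefix, CIDR notation
    dst: str                      # destination prefix, CIDR notation
    dport: Optional[int] = None   # destination port; None matches any port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

def matches(rule, pkt):
    """True only if the packet satisfies every condition of the rule."""
    if rule.proto not in ("ip", pkt.proto):
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(acl, pkt, default="deny"):
    """Return (action, seq) of the first matching rule, or (default, None)."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if matches(rule, pkt):
            return rule.action, rule.seq
    return default, None          # assumed default rule: deny

# Constructed sample: HTTP from a high-security network only to one site.
HIGH_SEC, SITE, ANY = "10.1.0.0/16", "192.0.2.10/32", "0.0.0.0/0"
ACL = [
    Rule(10, "permit", "tcp", HIGH_SEC, SITE, 80),
    Rule(20, "deny", "tcp", HIGH_SEC, ANY, 80),
    Rule(30, "permit", "ip", ANY, ANY),
]
# Same rules with the broad deny first: it shadows the site-specific permit.
SHADOWED = [ACL[1]._replace(seq=10), ACL[0]._replace(seq=20), ACL[2]]

if __name__ == "__main__":
    for p in (Packet("tcp", "10.1.5.5", "192.0.2.10", 80),
              Packet("tcp", "10.1.5.5", "198.51.100.7", 80),
              Packet("tcp", "10.1.5.5", "198.51.100.7", 443)):
        print(p, evaluate(ACL, p), evaluate(SHADOWED, p))
```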
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x