IP ACL Types and Applications
The Cisco Nexus device supports IPv4, IPv6, and MAC ACLs for security traffic filtering. The switch allows
you to use IP access control lists (ACLs) as port ACLs, and Router ACLs as shown in the following table.
Table 10: Security ACL Applications
Types of ACLs SupportedSupported InterfacesApplication
IPv4 ACLs
IPv6 ACLs
MAC ACLs
An ACL is considered a port ACL when you apply it to
one of the following:
•
Ethernet interface
•
Ethernet port-channel interface
Port ACL
IPv4 ACLs
IPv6 ACLs
•
Physical Layer 3 interfaces
•
Layer 3 Ethernet subinterfaces
•
Layer 3 Ethernet port-channel interfaces
•
Layer 3 Ethernet port-channel subinterfaces
•
Management interfaces
•
Switched Virtual Interfaces (SVIs)
Router ACL
IPv4 ACLs
IPv6 ACLs
VTYsVTY ACL
Application Order
When the device processes a packet, it determines the forwarding path of the packet. The path determines
which ACLs that the device applies to the traffic. The device applies the ACLs in the following order:
1
Port ACL
2
Ingress Router ACL
Rules
You can create rules in access-list configuration mode by using the permit or deny command. The switch
allows traffic that matches the criteria in a permit rule and blocks traffic that matches the criteria in a deny
rule. You have many options for configuring the criteria that traffic must meet in order to match the rule.
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
76
Configuring IP ACLs
IP ACL Types and Applications
To Next Page
Loading...
Need help?
General