Table 13: Default MAC ACLs Parameters

Parameters    Default
MAC ACLs      No MAC ACLs exist by default.
ACL rules     Implicit rules apply to all ACLs.

ACL Logging
The Cisco Nexus device supports ACL logging, which allows you to monitor flows that hit specific access
control lists (ACLs). To enable the feature for the ACL entry, configure specific ACEs with the optional log
keyword.
Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 or IPv6 ACL on the switch and add rules to it.
Procedure

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: switch(config)# {ip | ipv6} access-list name
  Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
  Command or Action: switch(config)# ip access-list name
  Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 4
  Command or Action: switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
  Purpose: Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295.
  The permit and deny commands support many ways of identifying traffic. For more information, see the Command Reference for the specific Cisco Nexus device.

Step 5
  Command or Action: switch# show {ip | ipv6} access-lists name
  Purpose: (Optional) Displays the IP ACL configuration.

Step 6
  Command or Action: switch# show ip access-lists name
  Purpose: (Optional) Displays the IP ACL configuration.
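
The checker below is an added example, not part of the Cisco guide. It audits a candidate ACL configuration against the limits stated in the procedure (name up to 64 characters, sequence number between 1 and 4294967295) and lists the ACEs that lack the log keyword described under ACL Logging. The function names, the sample configuration, and the assumption that rules are indented under their ACL header (running-config layout) are choices made for this example.

```python
import re

MAX_NAME_LEN = 64                  # name limit stated in the procedure
SEQ_MIN, SEQ_MAX = 1, 4294967295   # sequence-number range stated in the procedure
HEADER = re.compile(r"^(ip|ipv6) access-list (\S+)$")
RULE = re.compile(r"^(?:(\d+) )?(permit|deny) (.+)$")

def audit_acls(config_text):
    """Return (acls, problems); assumes rules are indented under their ACL header."""
    acls, problems, current = {}, [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line:
            continue
        if not raw[0].isspace():            # unindented line opens a new block
            m = HEADER.match(line)
            current = m.group(2) if m else None   # None: not an IP/IPv6 ACL
            if m:
                acls.setdefault(current, [])
                if len(current) > MAX_NAME_LEN:
                    problems.append(f"line {lineno}: ACL name exceeds {MAX_NAME_LEN} characters")
            continue
        m = RULE.match(line)
        if current is None or not m:
            continue                        # not an ACE inside an IP/IPv6 ACL
        seq = int(m.group(1)) if m.group(1) else None   # sequence number is optional
        if seq is not None and not SEQ_MIN <= seq <= SEQ_MAX:
            problems.append(f"line {lineno}: sequence number {seq} out of range")
        acls[current].append({"seq": seq, "action": m.group(2), "logged": "log" in m.group(3).split()})
    return acls, problems

def unlogged(acls, action="deny"):
    """List (acl_name, seq) for ACEs of one action that lack the log keyword."""
    return [(name, ace["seq"]) for name, aces in acls.items()
            for ace in aces if ace["action"] == action and not ace["logged"]]

# Constructed sample input, not taken from the guide.
SAMPLE = """\
ip access-list acl-mgmt
  10 permit tcp 192.0.2.0/24 any eq 22 log
  20 deny ip any any
mac access-list acl-mac
  10 deny any any
ip access-list acl-bad
  4294967296 permit ip any any
"""

if __name__ == "__main__":
    print(audit_acls(SAMPLE)[1], unlogged(audit_acls(SAMPLE)[0]))
```

Whether an unlogged deny rule is a finding is a local policy decision; the guide only states that the log keyword is optional per ACE.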
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x