Step 7 (Optional)
switch# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.
This example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
This example shows how to create an IPv6 ACL:
switch# configure terminal
switch(config)# ipv6 access-list acl-01-ipv6
switch(config-ipv6-acl)# permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
Configuring IPv4 ACL Logging
To configure the IPv4 ACL logging process, you first create the access list, then enable filtering of IPv4 traffic
on an interface using the specified ACL, and finally configure the ACL logging process parameters.
Procedure
Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command or Action: ip access-list name
Purpose: Creates an IPv4 ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.
Example:
switch(config)# ip access-list logging-test
switch(config-acl)#

Step 3
Command or Action: {permit | deny} ip source-address destination-address log
Purpose: Creates an ACL rule that permits or denies IPv4 traffic matching its conditions. To enable the system to generate an informational logging message about each packet that matches the rule, you must include the log keyword. The source-address and destination-address arguments can be the IP address with a network wildcard, the IP address and variable-length subnet mask, the host address, or any to designate any address.
Example:
switch(config-acl)# permit ip any 10.30.30.0/24 log

Step 4
Command or Action: exit
Purpose: Updates the configuration and exits IP ACL configuration mode.
Example:
switch(config-acl)# exit
switch(config)#
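Because a rule generates a log message only when it carries the log keyword (Step 3), a saved configuration can be audited for IPv4 ACL rules that will match traffic silently. The following is an added example, not part of the Cisco guide; it assumes the configuration is available as text with indented ACL entries and optional sequence numbers, and the sample configuration and function name are constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration. ACL names come from
# the examples on this page; the deny rule and interface are assumptions.
SAMPLE_CONFIG = """\
ip access-list acl-01
  10 permit ip 192.168.2.0/24 any
ip access-list logging-test
  10 permit ip any 10.30.30.0/24 log
  20 remark constructed rule below has no log keyword
  30 deny ip any any
ipv6 access-list acl-01-ipv6
  10 permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
interface Ethernet1/1
  ip access-group logging-test in
"""

ACL_HEADER = re.compile(r"^ip access-list (\S+)\s*$")          # IPv4 ACLs only
RULE = re.compile(r"^\s+(?:(\d+)\s+)?(permit|deny)\s+(.*)$")   # optional sequence number


def rules_without_log(config_text):
    """Return (acl_name, sequence, rule_text) for every IPv4 permit/deny rule
    that does not end up with the log keyword among its tokens."""
    findings = []
    current_acl = None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current_acl = header.group(1)
            continue
        if not line.startswith((" ", "\t")):
            current_acl = None  # any other top-level line closes the ACL block
            continue
        rule = RULE.match(line)
        if current_acl and rule:
            seq, action, rest = rule.groups()
            if "log" not in rest.split():
                findings.append((current_acl, seq, f"{action} {rest.strip()}"))
    return findings


if __name__ == "__main__":
    for acl, seq, text in rules_without_log(SAMPLE_CONFIG):
        print(f"{acl}: rule {seq or '?'} has no log keyword: {text}")
```

Remark lines, the IPv6 ACL, and interface-level commands are skipped, so only IPv4 permit and deny entries are reported.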
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
Configuring IP ACLs