Default Settings for IP ACLs
This table lists the default settings for IP ACL parameters.
Table 14: Default IP ACL Parameters
DefaultParameters
No IP ACLs exist by defaultIP ACLs
1024IP ACL
entries
Implicit rules apply to all ACLsACL rules
No object groups exist by defaultObject groups
No time ranges exist by defaultTime ranges
Related Topics
Implicit Rules for IP and MAC ACLs, on page 217
Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 ACL or IPv6 ACL on the device and add rules to it.
Before you begin
We recommend that you perform the ACL configuration using the Session Manager. This feature allows you
to verify the ACL configuration and confirm that the resources required by the configuration are available
prior to committing them to the running configuration. This feature is especially useful for ACLs that include
more than about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. Enter one of the following commands:
• ip access-list name
• ipv6 access-list name
3. (Optional) fragments {permit-all | deny-all}
4. [sequence-number] {permit | deny} protocol {source-ip-prefix | source-ip-mask} {destination-ip-prefix
| destination-ip-mask}
5. (Optional) statistics per-entry
6. (Optional) Enter one of the following commands:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
233
Configuring IP ACLs
Default Settings for IP ACLs
To Next Page
Loading...
