DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Creates an IPv4 ACL and enters IP ACL configuration
mode. The name argument can be up to 64 characters.
ip access-list name
Example:
Step 2
switch(config)# ip access-list logging-test
switch(config-acl)#
Creates an ACL rule that permits or denies IPv4 traffic
matching its conditions. To enable the system to generate
{permit | deny} ip source-address destination-address
log
Step 3
an informational logging message about each packet that
matches the rule, you must include the log keyword.
Example:
switch(config-acl)# permit ip any 10.30.30.0/24
log
The source-address and destination-address arguments
can be the IP address with a network wildcard, the IP
address and variable-length subnet mask, the host address,
or any to designate any address.
Updates the configuration and exits IP ACL configuration
mode.
exit
Example:
Step 4
switch(config-acl)# exit
switch(config)#
Enters interface configuration mode.
interface ethernet slot/port
Example:
Step 5
switch(config)# interface ethernet 1/1
switch(config-if)#
Enables the filtering of IPv4 traffic on an interface using
the specified ACL. You can apply an ACL to inbound
traffic.
ip access-group name in
Example:
switch(config-if)# ip access-group logging-test
in
Step 6
Updates the configuration and exits interface configuration
mode.
exit
Example:
Step 7
switch(config-if)# exit
switch(config)#
Configures the log-update interval (in seconds) for the
ACL logging process. The default value is 300 seconds.
The range is from 5 to 86400 seconds.
logging ip access-list cache interval interval
Example:
switch(config)# logging ip access-list cache
interval 490
Step 8
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
263
Configuring IP ACLs
Configuring IPv4 ACL Logging
To Next Page
Loading...
