• put
• trace
Before you begin
Enable the double-wide TCAM for the IFACL region by using the hardware access-list tcam region ifacl 512
double-wide command in global configuration mode. Reload the switch for this
configuration to take effect.
SUMMARY STEPS
1. configure terminal
2. ip access-list name
3. [sequence-number] permit protocol source destination http-method method [tcp-option-length length] [redirect interface]
4. (Optional) show ip access-lists name
5. (Optional) show run interface interface slot/port
DETAILED STEPS
Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: ip access-list name
Example:
switch(config)# ip access-list acl-01
switch(config-acl)#
Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
Command or Action: [sequence-number] permit protocol source destination http-method method [tcp-option-length length] [redirect interface]
Example:
switch(config-acl)# permit tcp 1.1.1.1/32 any http-method get
Purpose: Configures the ACL to redirect specific HTTP methods to a server.
The following HTTP methods are supported:
• connect—Matches HTTP packets with the CONNECT method [0x434f4e4e]
• delete—Matches HTTP packets with the DELETE method [0x44454c45]
• get—Matches HTTP packets with the GET method [0x47455420]
• head—Matches HTTP packets with the HEAD method [0x48454144]
• post—Matches HTTP packets with the POST method [0x504f5354]
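The bracketed values above are the ASCII encoding of the first four characters of each method name (GET includes its trailing space). The following sketch is an added illustration, not taken from the Cisco guide: it models the match under the assumption that the value is compared with the four bytes following the TCP header, with tcp-option-length giving the size of the TCP options. The function names and the sample segments are constructed for this example.

```python
import struct

# Method keywords and 32-bit values as listed in step 3 of this page.
HTTP_METHOD_VALUES = {
    "connect": 0x434F4E4E,
    "delete": 0x44454C45,
    "get": 0x47455420,
    "head": 0x48454144,
    "post": 0x504F5354,
}


def decode_value(value):
    """Return the four ASCII characters encoded by a 32-bit match value."""
    return struct.pack(">I", value).decode("ascii")


def tcp_option_length(segment):
    """Bytes of TCP options, from the data-offset field (header minus 20)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return header_len - 20


def match_http_method(segment, option_length=0):
    """Model of the match (assumption): compare the 4 bytes found after the
    fixed 20-byte TCP header plus option_length bytes of options."""
    start = 20 + option_length
    window = segment[start:start + 4]
    if len(window) < 4:
        return None  # no payload, e.g. a bare SYN or ACK
    word = struct.unpack(">I", window)[0]
    for name, value in HTTP_METHOD_VALUES.items():
        if word == value:
            return name
    return None


def build_segment(payload, options=b""):
    """Constructed sample: minimal TCP header (ports 40000 -> 80) + payload."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    offset_flags = ((5 + len(options) // 4) << 12) | 0x018  # PSH, ACK
    header = struct.pack(">HHIIHHHH", 40000, 80, 1, 1, offset_flags, 65535, 0, 0)
    return header + options + payload
```

In this model, a segment carrying 12 bytes of TCP options is not matched when option_length is left at 0, because the compared window falls on the option bytes; passing 12 returns the method.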
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring IP ACLs
Configuring ACLs Using HTTP Methods to Redirect Requests