Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 20
Configuring ACLs
This chapter describes how to configure access control lists (ACLs).
This chapter includes the following sections:
Information About ACLs, page 20-1
Configuring IP ACLs, page 20-4
Configuring MAC ACLs, page 20-9
Information About VLAN ACLs, page 20-14
Configuring VACLs, page 20-15
Default Settings, page 20-18
Information About ACLs
An ACL is an ordered set of rules that you can use to filter traffic. Each rule specifies a set of conditions
that a packet must satisfy to match the rule. When the switch determines that an ACL applies to a packet,
it tests the packet against the conditions of all rules. The first match determines whether the packet is
permitted or denied. If there is no match, the switch applies the applicable default rule. The switch
continues processing packets that are permitted and drops packets that are denied. For more information,
see the “Implicit Rules” section on page 20-3.
You can use ACLs to protect networks and specific hosts from unnecessary or unwanted traffic. For
example, you could use ACLs to disallow HTTP traffic from a high-security network to the Internet. You
could also use ACLs to allow HTTP traffic but only to specific sites, using the IP address of the site to
identify it in an IP ACL.
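The first-match evaluation and implicit default rule described above, as an added Python model that is not part of the guide: the rule fields, the constructed ACL for the HTTP use case and the default-deny fallback are my assumptions, not NX-OS syntax or behaviour.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model of one ACL rule (not NX-OS code): action, protocol,
# source/destination prefixes and an optional destination port.
@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    protocol: str                  # "ip" matches any protocol
    source: str                    # CIDR prefix, e.g. "10.1.0.0/16"
    destination: str
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.protocol != "ip" and self.protocol != proto:
            return False
        if ip_address(src) not in ip_network(self.source):
            return False
        if ip_address(dst) not in ip_network(self.destination):
            return False
        return self.dst_port is None or self.dst_port == dport


def evaluate(acl, proto, src, dst, dport=None, default="deny"):
    """Walk the ordered rule list; the first match decides.  Returns
    (action, index); index -1 means no explicit rule matched and the
    implicit default rule (assumed here to be deny) was applied."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, i
    return default, -1


# Constructed ACL mirroring the use case in the text: HTTP from the
# high-security network is allowed only to one specific site, all other
# HTTP is denied, and remaining traffic from that network is permitted.
HIGH_SEC_ACL = [
    Rule("permit", "tcp", "10.1.0.0/16", "203.0.113.10/32", 80),
    Rule("deny",   "tcp", "10.1.0.0/16", "0.0.0.0/0", 80),
    Rule("permit", "ip",  "10.1.0.0/16", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for flow in [("tcp", "10.1.2.3", "203.0.113.10", 80),
                 ("tcp", "10.1.2.3", "198.51.100.7", 80),
                 ("udp", "10.1.2.3", "198.51.100.7", 53),
                 ("tcp", "192.168.1.1", "198.51.100.7", 22)]:
        print(flow, "->", evaluate(HIGH_SEC_ACL, *flow))
```

Swapping the first two rules makes the deny rule shadow the site-specific permit, which is why rule order, not rule presence, determines the outcome.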
This section includes the following topics:
IP ACL Types and Applications, page 20-1
Rules, page 20-2
IP ACL Types and Applications
The Cisco Nexus 5000 Series switch supports IPv4, IPv6 and MAC ACLs for security traffic filtering.
The switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in Table 20-1.