Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 20 Configuring ACLs
Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 ACL on the switch and add rules to it. To create an IP ACL, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: switch(config)# ip access-list name
Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
Command: switch(config-acl)# [sequence-number] {permit|deny} protocol source destination
Purpose: Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295. The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Step 4
Command: switch(config-acl)# statistics
Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL.

Step 5
Command: switch(config-acl)# show ip access-lists name
Purpose: (Optional) Displays the IP ACL configuration.

Step 6
Command: switch(config-acl)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.

The following example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
switch(config-acl)# statistics
switch(config-acl)# show ip access-lists acl-01
switch(config-acl)# copy running-config startup-config

Changing an IP ACL
You can add and remove rules in an existing IPv4 ACL. You cannot change existing rules. Instead, to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For more information, see the “Changing Sequence Numbers in an IP ACL” section on page 20-7.
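The following session is an added example, not one from the original guide; it walks through the change procedure described above for the acl-01 ACL created earlier. The rule numbers, the narrower subnet, and the added deny rule are constructed for illustration, and the lines beginning with ! are explanatory comments.

```text
switch# configure terminal
! Re-enter the existing ACL; rules cannot be edited in place
switch(config)# ip access-list acl-01
! Remove the rule to be changed by its sequence number
switch(config-acl)# no 10
! Recreate it with the desired change (a narrower source subnet)
switch(config-acl)# 10 permit ip 192.168.2.0/25 any
! Insert a rule ahead of it: sequence 5 is still free below 10
switch(config-acl)# 5 deny tcp any any eq 23
switch(config-acl)# exit
! Renumber starting at 10 in steps of 10 so later inserts have room
switch(config)# resequence ip access-list acl-01 10 10
! Verify rule order and hit counters (statistics was enabled earlier)
switch(config)# show ip access-lists acl-01
switch(config)# copy running-config startup-config
```

Check the show output before saving: a deny placed after a broader permit never matches, so rule order is what decides the policy.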