Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 20 Configuring ACLs
Configuring IP ACLs
Step 3
  Command: switch(config-if)# ipv6 port traffic-filter <name> in
  Purpose: Applies an IPv6 port access-list.
Step 4
  Command: switch(config-if)# ip port access-group access-list in
  Purpose: Applies an IPv4 ACL to the interface or port channel. Only inbound filtering is supported with port ACLs. You can apply one port ACL to an interface.
Step 5
  Command: switch(config-if)# show running-config
  Purpose: (Optional) Displays ACL configuration.
Step 6
  Command: switch(config-if)# copy running-config startup-config
  Purpose: (Optional) Copies the running configuration to the startup configuration.

The following example shows how to apply an IPv4 or IPv6 ACL to the port channel:
switch# configure terminal
switch(config)# interface port-channel 5
switch(config-if)# ip port access-group acl-l2-marketing-group in
switch(config-if)# show running-config
switch(config-if)# copy running-config startup-config

This example shows how to create an IPv4 ACL named acl-01 and apply it to Ethernet interface 2/1, which is a Layer 2 interface:
ip access-list acl-01
  permit ip 192.168.2.0/24 any
interface ethernet 2/1
  ip access-group acl-01 in

Applying an IP ACL as a VACL
For information about configuring VACLs, see the “Configuring VACLs” section on page 20-15.

Verifying IP ACL Configurations
To display IP ACL configuration information, perform one of the following tasks:

  Command: show running-config
  Purpose: Displays ACL configuration, including IP ACL configuration and interfaces that IP ACLs are applied to.

  Command: show ip access-lists
  Purpose: Displays the IP ACL configuration.

  Command: show running-config interface
  Purpose: Displays the configuration of an interface to which you have applied an ACL.

For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 5000 Series Command Reference.
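
The check below is an added example, not part of the Cisco guide: a Python script that reads saved show running-config output and reports which interfaces have an ACL applied, flagging ACL names that are applied but never defined and any direction other than in. The sample configuration is constructed, and the function name audit_acl_bindings and the assumption that sub-commands are indented under their interface line are this example's own.

```python
import re

# Constructed sample of `show running-config` output (not from a real switch).
SAMPLE_CONFIG = """\
ip access-list acl-01
  permit ip 192.168.2.0/24 any
ipv6 access-list acl-v6-01
  permit ipv6 any any
interface port-channel 5
  ip port access-group acl-l2-marketing-group in
interface ethernet 2/1
  ip access-group acl-01 in
interface ethernet 2/2
  ipv6 port traffic-filter acl-v6-01 in
interface ethernet 2/3
  switchport mode trunk
"""

DEFINE = re.compile(r"^(ip|ipv6) access-list (\S+)$")
APPLY = re.compile(
    r"^(?:(ip) (?:port )?access-group|(ipv6) port traffic-filter) (\S+) (\S+)$")

def audit_acl_bindings(config_text):
    """Return (bindings, findings) for ACLs applied to interfaces."""
    defined, bindings, findings, interfaces, current = set(), [], [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends any interface block
            current = None
        if m := DEFINE.match(line):
            defined.add((m.group(1), m.group(2)))
        elif line.startswith("interface "):
            current = line[len("interface "):]
            interfaces.append(current)
        elif current and (m := APPLY.match(line)):
            family = m.group(1) or m.group(2)
            bindings.append((current, family, m.group(3), m.group(4)))
    for iface, family, name, direction in bindings:
        if (family, name) not in defined:   # applied name has no matching access-list
            findings.append(f"{iface}: {family} ACL '{name}' is applied but not defined")
        if direction != "in":               # the guide: port ACLs filter inbound only
            findings.append(f"{iface}: ACL '{name}' applied '{direction}', port ACLs filter inbound only")
    bound = {b[0] for b in bindings}
    findings += [f"{i}: no ACL applied" for i in interfaces if i not in bound]
    return bindings, findings

if __name__ == "__main__":
    for finding in audit_acl_bindings(SAMPLE_CONFIG)[1]:
        print(finding)
```

Interface names are compared exactly as they appear after the interface keyword, so feed it the text as the switch printed it.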