Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 20 Configuring ACLs
To display or clear MAC ACL statistics, perform one of the following tasks:
This example shows how to create a MAC ACL named acl-mac-01 and apply it to Ethernet interface 2/1,
which is a Layer 2 interface in this example:
    mac access-list acl-mac-01
      permit 00c0.4f00.0000 0000.00ff.ffff any
    interface ethernet 2/1
      mac access-group acl-mac-01
Information About VLAN ACLs
A VLAN ACL (VACL) is one application of a MAC ACL or IP ACL. You can configure VACLs to apply
to all packets that are bridged within a VLAN. VACLs are used strictly for security packet filtering.
VACLs are not defined by direction (ingress or egress).
For more information about types and applications of ACLs, see the “Information About ACLs” section
on page 20-1.
This section includes the following topics:
• VACLs and Access Maps
• VACLs and Actions
• Statistics
VACLs and Access Maps
VACLs use access maps to link an IP ACL or a MAC ACL to an action. The switch takes the configured
action on packets permitted by the VACL.
VACLs and Actions
In access map configuration mode, you use the action command to specify one of the following actions:
• Forward—Sends the traffic to the destination determined by normal operation of the switch.
• Drop—Drops the traffic.
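The following Python model is an added example, not code from the guide or from the switch software. It evaluates the acl-mac-01 rule shown earlier against frame addresses and then applies an access map's action to the frames the ACL permits. It assumes the second value in the rule is a wildcard mask (a 1 bit means the bit is ignored) and treats a frame that matches no rule as not permitted; the function names and SAMPLE_MAP are constructed for illustration.

```python
import re

MASK48 = (1 << 48) - 1

def mac_to_int(mac):
    """Parse Cisco dotted (00c0.4f00.0000), colon or hyphen MAC notation."""
    digits = re.sub(r"[.:-]", "", mac.lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return int(digits, 16)

def parse_rule(line):
    """Parse '<permit|deny> <src> <dst>'; each side is 'any' or 'addr wildcard'."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[0] not in ("permit", "deny"):
        raise ValueError("unsupported rule: %r" % line)
    action, rest, sides = tokens[0], tokens[1:], []
    while rest and len(sides) < 2:
        if rest[0] == "any":
            sides.append((0, MASK48))      # every bit is "don't care"
            rest = rest[1:]
        elif len(rest) >= 2:
            sides.append((mac_to_int(rest[0]), mac_to_int(rest[1])))
            rest = rest[2:]
        else:
            raise ValueError("address without wildcard: %r" % line)
    if len(sides) != 2 or rest:
        raise ValueError("unsupported rule: %r" % line)
    return action, sides[0], sides[1]

def side_matches(mac, side):
    addr, wildcard = side
    # A 1 bit in the wildcard is ignored; all other bits must equal the rule address.
    return (mac_to_int(mac) ^ addr) & ~wildcard & MASK48 == 0

def acl_permits(rules, src, dst):
    """First matching rule decides; a frame that matches no rule is not permitted."""
    for action, src_side, dst_side in map(parse_rule, rules):
        if side_matches(src, src_side) and side_matches(dst, dst_side):
            return action == "permit"
    return False

def vacl_action(access_map, src, dst):
    """Return the map's action for frames its ACL permits, else None."""
    if acl_permits(access_map["acl"], src, dst):
        return access_map["action"]
    return None

ACL_MAC_01 = ["permit 00c0.4f00.0000 0000.00ff.ffff any"]    # rule from this page
SAMPLE_MAP = {"acl": ACL_MAC_01, "action": "forward"}          # constructed access map
```

A return value of None from vacl_action means only that this access map does not select the frame; the model makes no statement about what the switch does with it.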
Command                          Purpose
show mac access-lists            Displays MAC ACL configuration. If the MAC ACL includes
                                 the statistics command, the show mac access-lists command
                                 output includes the number of packets that have matched
                                 each rule.
clear mac access-list counters   Clears statistics for all MAC ACLs or for a specific
                                 MAC ACL.