Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-16599-01, March 2009)

Chapter 6 Security Commands
permit (IPv4)
If you do not specify a sequence number, the device assigns to the rule a sequence number that is 10
greater than the last rule in the ACL.
Command Modes
IPv4 ACL configuration
Command History
Usage Guidelines
When the switch applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL.
The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of
more than one rule are satisfied, the switch enforces the rule with the lowest sequence number.
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method
that you use to specify one of these arguments does not affect how you specify the other argument. When
you configure a rule, use the following methods to specify the source and destination arguments:
• IP address group object—You can use an IPv4 address group object to specify a source or
  destination argument. Use the object-group ip address command to create and change IPv4 address
  group objects. The syntax is as follows:
    addrgroup address-group-name
  The following example shows how to use an IPv4 address object group named lab-gateway-svrs to
  specify the destination argument:
    switch(config-acl)# permit ip any addrgroup lab-gateway-svrs
• Address and network wildcard—You can use an IPv4 address followed by a network wildcard to
  specify a host or a network as a source or destination. The syntax is as follows:
    IPv4-address network-wildcard
  The following example shows how to specify the source argument with the IPv4 address and
  network wildcard for the 192.168.67.0 subnet:
    switch(config-acl)# permit tcp 192.168.67.0 0.0.0.255 any
• Address and variable-length subnet mask—You can use an IPv4 address followed by a
  variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The
  syntax is as follows:
    IPv4-address/prefix-len
  The following example shows how to specify the source argument with the IPv4 address and VLSM
  for the 192.168.67.0 subnet:
    switch(config-acl)# permit udp 192.168.67.0/24 any
• Host address—You can use the host keyword and an IPv4 address to specify a host as a source or
  destination. The syntax is as follows:
    host IPv4-address
  This syntax is equivalent to IPv4-address/32 and IPv4-address 0.0.0.0.
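The rule semantics described above (default sequence numbers, enforcement of the lowest-numbered matching rule, and the four ways of writing a source or destination) can be checked offline with a small model. This is an added example, not Cisco code: it models only the protocol, source and destination fields; the members of lab-gateway-svrs and the deny rule are constructed; and numbering the first rule 10 in an empty ACL is an assumption.

```python
import ipaddress

def parse_spec(tokens, groups):
    """Consume one source/destination argument; return [(base, wildcard), ...]."""
    tok = tokens.pop(0)
    if tok == "any":
        return [(0, 0xFFFFFFFF)]
    if tok == "host":                       # host A == A/32 == A 0.0.0.0
        return [(int(ipaddress.IPv4Address(tokens.pop(0))), 0)]
    if tok == "addrgroup":                  # expand every member of the group
        return [p for m in groups[tokens.pop(0)] for p in parse_spec(m.split(), groups)]
    if "/" in tok:                          # IPv4-address/prefix-len
        net = ipaddress.IPv4Network(tok, strict=False)
        return [(int(net.network_address), int(net.hostmask))]
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))   # IPv4-address network-wildcard
    return [(int(ipaddress.IPv4Address(tok)) & ~wildcard & 0xFFFFFFFF, wildcard)]

def parse_acl(lines, groups):
    """Parse '[seq] action protocol source destination' lines, ordered by sequence."""
    rules, last = [], 0
    for line in lines:
        t = line.split()
        seq = int(t.pop(0)) if t[0].isdigit() else last + 10   # default: last rule + 10
        last = max(last, seq)
        action, proto = t.pop(0), t.pop(0)
        src, dst = parse_spec(t, groups), parse_spec(t, groups)
        rules.append({"seq": seq, "action": action, "proto": proto, "src": src, "dst": dst})
    return sorted(rules, key=lambda r: r["seq"])

def _hit(pairs, addr):
    a = int(ipaddress.IPv4Address(addr))    # wildcard bits set to 1 are "don't care"
    return any(((a ^ base) & ~wc & 0xFFFFFFFF) == 0 for base, wc in pairs)

def evaluate(rules, proto, src, dst):
    """Return (seq, action) of the lowest-numbered matching rule, or None."""
    for r in rules:
        if r["proto"] in ("ip", proto) and _hit(r["src"], src) and _hit(r["dst"], dst):
            return r["seq"], r["action"]
    return None

# Constructed sample data: group members and the explicit "5 deny" rule are illustrative.
GROUPS = {"lab-gateway-svrs": ["host 10.10.10.1", "10.10.20.0/28"]}
ACL = [
    "permit tcp 192.168.67.0 0.0.0.255 any",      # becomes sequence 10
    "permit udp 192.168.67.0/24 any",             # becomes sequence 20
    "5 deny tcp host 192.168.67.9 any",           # explicit number, evaluated first
    "permit ip any addrgroup lab-gateway-svrs",   # becomes sequence 30
]
RULES = parse_acl(ACL, GROUPS)
```

A TCP packet from 192.168.67.9 satisfies both rule 5 and rule 10; the model returns rule 5, which is why a narrow exception must carry a lower sequence number than the broader rule it overrides.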
Release         Modification
4.0(0)N1(1a)    This command was introduced.