Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)

All IPv4 ACLs include the following implicit rule:

    deny ip any any

This implicit rule ensures that the switch denies unmatched IP traffic.

Additional Filtering Options

You can identify traffic by using additional options. IPv4 ACLs support the following additional filtering options:
Layer 4 protocol
TCP and UDP ports
ICMP types and codes
IGMP types
Precedence level
Differentiated Services Code Point (DSCP) value
TCP packets with the ACK, FIN, PSH, RST, SYN, or URG bit set
Established TCP connections
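
The following is an added example, not part of the Cisco guide or of NX-OS. It models how an IPv4 ACL resolves a packet when the implicit rule and the "established" option are in play. It assumes rules are checked in ascending sequence-number order with the first match deciding, and that "established" means a TCP segment with the ACK or RST bit set; all class, function, and address names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: Optional[int]           # None marks the implicit rule
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every IPv4 protocol
    src: str = "0.0.0.0/0"       # "any"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # destination port, TCP/UDP only
    established: bool = False    # TCP segment with ACK or RST set

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None
    flags: frozenset = frozenset()

IMPLICIT_DENY = Rule(None, "deny", "ip")  # deny ip any any

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    # Stateless flag test: no connection tracking is involved.
    if rule.established and not (pkt.proto == "tcp" and pkt.flags & {"ack", "rst"}):
        return False
    return True

def evaluate(rules, pkt):
    """Return (action, seq) of the first matching rule, lowest sequence first."""
    for rule in sorted(rules, key=lambda r: r.seq) + [IMPLICIT_DENY]:
        if matches(rule, pkt):
            return rule.action, rule.seq

# Constructed sample ACL, deliberately listed out of sequence order.
SAMPLE_ACL = [
    Rule(20, "permit", "tcp", dst="10.1.1.0/24", established=True),
    Rule(10, "permit", "tcp", src="10.1.1.0/24", dport=443),
]
```

A result of ("deny", None) means no configured rule matched and the implicit rule dropped the packet, which is the case to look for when expected traffic disappears without a matching deny entry.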

IPv6 ACLs support the following additional filtering options:
Layer 4 protocol
Authentication Header Protocol
Encapsulating Security Payload
Payload Compression Protocol
Stream Control Transmission Protocol (SCTP)
SCTP, TCP, and UDP ports
ICMP types and codes
IGMP types
Flow label
DSCP value
TCP packets with the ACK, FIN, PSH, RST, SYN, or URG bit set
Established TCP connections
Packet length

Sequence Numbers

The switch supports sequence numbers for rules. Every rule that you enter receives a sequence number, either assigned by you or assigned automatically by the switch. Sequence numbers simplify the following ACL tasks: