Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)

Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 or IPv6 ACL on the switch and add rules to it.
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command or Action: switch(config)# {ip | ipv6} access-list name
  Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
  Command or Action: switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
  Purpose: Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295.
  The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Step 4
  Command or Action: switch(config-acl)# statistics
  Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL.

Step 5
  Command or Action: switch# show {ip | ipv6} access-lists name
  Purpose: (Optional) Displays the IP ACL configuration.

Step 6
  Command or Action: switch# copy running-config startup-config
  Purpose: (Optional) Copies the running configuration to the startup configuration.

The following example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
switch(config-acl)# statistics
The following example shows how to create an IPv6 ACL:
switch# configure terminal
switch(config)# ipv6 access-list acl-01-ipv6
switch(config-ipv6-acl)# permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
Changing an IP ACL
You can add and remove rules in an existing IPv4 or IPv6 ACL. You cannot change existing rules. Instead,
to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can
use the resequence command to reassign sequence numbers.
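
The following is an added example, not part of the Cisco guide: a Python check that parses ACL text in the syntax shown above, validates the stated name-length and sequence-number limits, and reports adjacent rules that leave no free sequence number between them. The input layout (every rule carrying an explicit sequence number), the function name audit_acls, and the finding labels are assumptions made for this example.

```python
import re

MAX_NAME_LEN = 64                  # ACL name limit from Step 2
SEQ_MIN, SEQ_MAX = 1, 4294967295   # sequence-number range from Step 3
ACL_RE = re.compile(r"^(ip|ipv6)\s+access-list\s+(\S+)$")
RULE_RE = re.compile(r"^(\d+)\s+(permit|deny)\s+(\S+)\s+(.+)$")

def audit_acls(config_text):
    """Return (acls, findings); findings are (acl_name, kind, detail) tuples."""
    acls, findings, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "statistics":
            continue
        m = ACL_RE.match(line)
        if m:
            current = m.group(2)
            acls.setdefault(current, [])
            if len(current) > MAX_NAME_LEN:
                findings.append((current, "name-too-long", len(current)))
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            seq = int(m.group(1))
            if SEQ_MIN <= seq <= SEQ_MAX:
                acls[current].append((seq, line))
            else:
                findings.append((current, "seq-out-of-range", seq))
        else:
            findings.append((current, "unparsed", line))
    for name, rules in acls.items():
        rules.sort()
        # Adjacent numbers leave no room for a new rule: the resequence case.
        for (a, _), (b, _) in zip(rules, rules[1:]):
            if b - a == 1:
                findings.append((name, "no-gap", (a, b)))
    return acls, findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
ip access-list acl-01
  10 permit ip 192.168.2.0/24 any
  11 deny tcp any any
  20 permit udp any any
  statistics
ipv6 access-list acl-01-ipv6
  10 permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
  4294967296 deny tcp any any
"""
```

Calling audit_acls(SAMPLE) returns the parsed rules per ACL and a findings list that flags the out-of-range sequence number in acl-01-ipv6 and the 10/11 pair in acl-01.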