Statistics; Configuring VACLs; Creating or Changing a VACL - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide

Configuring VACLs

Statistics

The switch can maintain global statistics for each rule in a VACL. If a VACL is applied to multiple VLANs,
the maintained rule statistics are the sum of packet matches (hits) on all the interfaces on which that VACL
is applied.
Note: The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics.
For each VLAN access map that you configure, you can specify whether the switch maintains statistics for
that VACL. This allows you to turn VACL statistics on or off as needed to monitor traffic filtered by a VACL
or to help troubleshoot VLAN access-map configuration.

Configuring VACLs

Creating or Changing a VACL

You can create or change a VACL. Creating a VACL includes creating an access map that associates an IP
ACL or MAC ACL with an action to be applied to the matching traffic.
To create or change a VACL, perform this task:
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vlan access-map map-name
3. switch(config-access-map)# match ip address ip-access-list
4. switch(config-access-map)# match mac address mac-access-list
5. switch(config-access-map)# action {drop | forward}
6. (Optional) switch(config-access-map)# [no] statistics
7. (Optional) switch(config-access-map)# show running-config
8. (Optional) switch(config-access-map)# copy running-config startup-config
DETAILED STEPS

| Step | Command or Action | Purpose |
|------|-------------------|---------|
| Step 1 | switch# configure terminal | Enters configuration mode. |
| Step 2 | switch(config)# vlan access-map map-name | Enters access map configuration mode for the access map specified. |
| Step 3 | switch(config-access-map)# match ip address ip-access-list | Specifies an IPv4 and IPv6 ACL for the map. |

Cisco Nexus 5000 Series NX-OS Security Configuration Guide, OL-20919-01
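An added example, not part of the Cisco guide: a small Python audit that reads saved configuration text and reports VLAN access maps that lack a match clause or an action, or that have statistics turned off. The sample configuration is constructed from the command syntax in the steps above; the map and ACL names and the indented layout of the sub-commands are assumptions.

```python
import re

# Constructed sample in the syntax of the steps above; all names are made up.
SAMPLE_CONFIG = """\
vlan access-map web-filter
  match ip address acl-web
  action drop
  statistics
vlan access-map legacy-map
  match mac address acl-legacy-mac
  action forward
vlan access-map empty-map
  action drop
"""

def parse_access_maps(config):
    """Map each access-map name to its match clauses, action and statistics flag."""
    maps, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # top-level line: opens or closes a block
            m = re.match(r"vlan access-map (\S+)", line)
            current = None
            if m:
                current = maps.setdefault(
                    m.group(1), {"match": [], "action": None, "statistics": False})
        elif current is not None:  # assumption: sub-commands are indented
            if m := re.fullmatch(r"match (ip|mac) address (\S+)", line):
                current["match"].append((m.group(1), m.group(2)))
            elif m := re.fullmatch(r"action (drop|forward)", line):
                current["action"] = m.group(1)
            elif line in ("statistics", "no statistics"):
                current["statistics"] = line == "statistics"
    return maps

def audit(config):
    """Return (map_name, finding) pairs for incomplete or unmonitored maps."""
    findings = []
    for name, entry in parse_access_maps(config).items():
        if not entry["match"]:
            findings.append((name, "no match clause"))
        if entry["action"] is None:
            findings.append((name, "no action"))
        if not entry["statistics"]:
            findings.append((name, "statistics off"))
    return findings
```

Calling audit(SAMPLE_CONFIG) lists legacy-map and empty-map; a map reported as "statistics off" has no per-rule hit counts available for troubleshooting.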
