Changing an IP ACL - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide
Configuring IP ACLs
The following example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
switch(config-acl)# statistics
The following example shows how to create an IPv6 ACL:
switch# configure terminal
switch(config)# ipv6 access-list acl-01-ipv6
switch(config-ipv6-acl)# permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64

Changing an IP ACL

You can add and remove rules in an existing IPv4 or IPv6 ACL. You cannot change existing rules. Instead,
to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can
use the resequence command to reassign sequence numbers.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# {ip | ipv6} access-list name
3. switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
4. (Optional) switch(config-acl)# no {sequence-number | {permit | deny} protocol source destination}
5. (Optional) switch(config-acl)# [no] statistics
6. (Optional) switch# show {ip | ipv6} access-lists name
7. (Optional) switch# copy running-config startup-config
DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command or Action: switch(config)# {ip | ipv6} access-list name
Purpose: Enters IP ACL configuration mode for the ACL that you specify by name.

Step 3
Command or Action: switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
Purpose: Creates a rule in the IP ACL. Using a sequence number allows you to specify a position for the rule in the ACL. Without a sequence number, the rule is added to the end of the rules. The sequence-number argument can be a whole number between 1 and 4294967295.
The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Step 4
Command or Action: switch(config-acl)# no {sequence-number | {permit | deny} protocol source destination}
Purpose: (Optional) Removes the rule that you specified from the IP ACL.
The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Cisco Nexus 5000 Series NX-OS Security Configuration Guide
OL-20919-01
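The procedure above carried through on the acl-01 list from the earlier example, as an added walkthrough that is not part of the guide: the rule contents (the 10.0.0.0/8 destination, the 192.168.2.10 host, port 22), the renumbering values and the abbreviated show output are all assumed for illustration. Because a rule cannot be edited in place, it is removed by sequence number and recreated under the same number so it keeps its position relative to the final deny.

```console
switch# configure terminal
switch(config)# ip access-list acl-01
! Explicit sequence numbers spaced by 10 leave room to insert rules later.
switch(config-acl)# 10 permit tcp 192.168.2.0/24 10.0.0.0/8 eq 22
switch(config-acl)# 20 permit ip 192.168.3.0/24 any
switch(config-acl)# 30 deny ip any any
switch(config-acl)# statistics
! Change rule 20: remove it by sequence number (Step 4), then recreate it
! under the same number (Step 3) so it stays above the deny at 30.
switch(config-acl)# no 20
switch(config-acl)# 20 permit ip 192.168.3.0/24 10.0.0.0/8
! Insert a more specific deny ahead of rule 10; a rule placed after the
! subnet permit would never match, so the position is the point.
switch(config-acl)# 5 deny tcp 192.168.2.10/32 any eq 22
switch(config-acl)# exit
! When no free numbers remain between two rules, renumber the whole list
! (assumed syntax: resequence {ip | ipv6} access-list name start increment).
switch(config)# resequence ip access-list acl-01 100 100
switch(config)# exit
! Verify the final order before saving; output is constructed and abbreviated.
switch# show ip access-lists acl-01
IP access list acl-01
        statistics per-entry
        100 deny tcp 192.168.2.10/32 any eq 22 [match=0]
        200 permit tcp 192.168.2.0/24 10.0.0.0/8 eq 22 [match=0]
        300 permit ip 192.168.3.0/24 10.0.0.0/8 [match=0]
        400 deny ip any any [match=0]
switch# copy running-config startup-config
```

The per-entry match counters shown after enabling statistics are what lets you confirm that the recreated and inserted rules are actually being hit in the order intended.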