Cisco Nexus 9000 Series Configuration Manual page 289

Configuring IP ACLs
DETAILED STEPS
Command or Action
Step 1 configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2
ip access-list name
Example:
switch(config)# ip access-list logging-test
switch(config-acl)#
Step 3 {permit | deny} ip source-address destination-address
log
Example:
switch(config-acl)# permit ip any 10.30.30.0/24
log
Step 4
exit
Example:
switch(config-acl)# exit
switch(config)#
Step 5 interface ethernet slot/port
Example:
switch(config)# interface ethernet 1/1
switch(config-if)#
Step 6
ip access-group name in
Example:
switch(config-if)# ip access-group logging-test
in
Step 7 exit
Example:
switch(config-if)# exit
switch(config)#
Step 8
logging ip access-list cache interval interval
Example:
switch(config)# logging ip access-list cache
interval 490
Purpose
Enters global configuration mode.
Creates an IPv4 ACL and enters IP ACL configuration
mode. The name argument can be up to 64 characters.
Creates an ACL rule that permits or denies IPv4 traffic
matching its conditions. To enable the system to generate
an informational logging message about each packet that
matches the rule, you must include the log keyword.
The source-address and destination-address arguments
can be the IP address with a network wildcard, the IP
address and variable-length subnet mask, the host address,
or any to designate any address.
Updates the configuration and exits IP ACL configuration
mode.
Enters interface configuration mode.
Enables the filtering of IPv4 traffic on an interface using
the specified ACL. You can apply an ACL to inbound
traffic.
Updates the configuration and exits interface configuration
mode.
Configures the log-update interval (in seconds) for the
ACL logging process. The default value is 300 seconds.
The range is from 5 to 86400 seconds.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring IPv4 ACL Logging
263