Configuring VLAN ACLs; About VLAN ACLs; VLAN Access Maps and Entries; VACLs and Actions - Cisco Nexus 9000 Series Configuration Manual

NX-OS Security Configuration Guide, Release 9.x

Chapter 12: Configuring VLAN ACLs

This chapter describes how to configure VLAN access lists (ACLs) on Cisco NX-OS devices.
This chapter includes the following sections:

- About VLAN ACLs
- Licensing Requirements for VACLs
- Prerequisites for VACLs
- Guidelines and Limitations for VACLs
- Default Settings for VACLs
- Configuring VACLs
- Verifying the VACL Configuration
- Monitoring and Clearing VACL Statistics
- Configuration Example for VACLs
- Additional References for VACLs

About VLAN ACLs

A VLAN ACL (VACL) is one application of an IP ACL or a MAC ACL. You can configure VACLs to apply
to all packets that are routed into or out of a VLAN or are bridged within a VLAN. VACLs are strictly for
security packet filtering and for redirecting traffic to specific physical interfaces. VACLs are not defined by
direction (ingress or egress).

VLAN Access Maps and Entries

VACLs use access maps to contain an ordered list of one or more map entries. Each map entry associates IP
or MAC ACLs to an action. Each entry has a sequence number, which allows you to control the precedence
of entries.
When the device applies a VACL to a packet, it applies the action that is configured in the first access map
entry that contains an ACL that permits the packet.

VACLs and Actions

In access map configuration mode, you use the action command to specify one of the following actions:
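Added example (not from the Cisco guide): a Python model of the evaluation order described under VLAN Access Maps and Entries and of how the entry's action, not the ACL's permit or deny line, decides what happens to the packet. The ACL names, addresses, and map are constructed; `forward` and `drop` are NX-OS action keywords that this page does not list, and a packet that no entry permits is reported as `None` because the page does not state that outcome.

```python
# Added illustration: a model of VACL access-map evaluation, not Cisco code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    permit: bool  # True = permit line, False = deny line
    src: str      # source prefix
    dst: str      # destination prefix

    def covers(self, src: str, dst: str) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


def acl_permits(acl, src, dst):
    """An IP ACL is first-match; a packet no rule covers is implicitly denied."""
    for rule in acl:
        if rule.covers(src, dst):
            return rule.permit
    return False


def evaluate(access_map, src, dst):
    """Return (sequence, action) of the first entry whose ACL permits the
    packet, or None when no entry's ACL permits it (outcome not on the page)."""
    for seq in sorted(access_map):  # lower sequence number = higher precedence
        acl, action = access_map[seq]
        if acl_permits(acl, src, dst):
            return seq, action
    return None


ANY = "0.0.0.0/0"
DB_NET = "198.51.100.0/24"  # constructed documentation prefixes throughout
MGMT_HOST = [Rule(True, "192.0.2.10/32", ANY)]
TO_DB = [Rule(False, "192.0.2.99/32", DB_NET),  # deny = entry is skipped
         Rule(True, ANY, DB_NET)]
EVERYTHING = [Rule(True, ANY, ANY)]

# Hypothetical access map: sequence -> (ACL, action keyword)
ACCESS_MAP = {30: (EVERYTHING, "forward"),
              10: (MGMT_HOST, "forward"),
              20: (TO_DB, "drop")}

if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(src, "->", evaluate(ACCESS_MAP, src, "198.51.100.5"))
```

Host 192.0.2.99 is denied inside the ACL of entry 20, so that entry is skipped and the packet is forwarded by entry 30; to block it, the host needs a permit line in an ACL attached to a drop entry.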
