Table of Contents
Advertisement
Configuring IPv4 ACL Logging
Step 7
This example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
This example shows how to create an IPv6 ACL:
switch# configure terminal
switch(config)# ipv6 access-list acl-01-ipv6
switch(config-ipv6-acl)# permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
Configuring IPv4 ACL Logging
To configure the IPv4 ACL logging process, you first create the access list, then enable filtering of IPv4 traffic
on an interface using the specified ACL, and finally configure the ACL logging process parameters.
Procedure
Step 1
Step 2
Step 3
Step 4
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
82
Command or Action
switch# copy running-config
startup-config
Command or Action
configure terminal
Example:
switch# configure terminal
switch(config)#
ip access-list name
Example:
switch(config)# ip access-list
logging-test
switch(config-acl)#
{permit | deny} ip source-address
destination-address log
Example:
switch(config-acl)# permit ip any
10.30.30.0/24 log
exit
Example:
switch(config-acl)# exit
switch(config)#
Purpose
(Optional)
Copies the running configuration to the startup
configuration.
Purpose
Enters global configuration mode.
Creates an IPv4 ACL and enters IP ACL configuration
mode. The name argument can be up to 64 characters.
Creates an ACL rule that permits or denies IPv4 traffic
matching its conditions. To enable the system to generate
an informational logging message about each packet
that matches the rule, you must include the log keyword.
The source-address and destination-address arguments
can be the IP address with a network wildcard, the IP
address and variable-length subnet mask, the host
address, or any to designate any address.
Updates the configuration and exits IP ACL
configuration mode.
Configuring IP ACLs
Hide quick links:
Advertisement
Table of Contents
