Gigabit Ethernet Ip-Acl Guidelines; Applying Ip-Acls On Gigabit Ethernet Interfaces - Cisco DS-X9530-SF1-K9 - Supervisor-1 Module - Control Processor Configuration Manual

Configuring Gigabit Ethernet Interfaces
Send documentation comments to mdsfeedback-doc@cisco.com.

64 bytes from 10.100.1.25: icmp_seq=2 ttl=255 time=0.1 ms
--- 10.100.1.25 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.1 ms

Gigabit Ethernet IP-ACL Guidelines

Tip: If IP-ACLs are already configured in a Gigabit Ethernet interface, you cannot add this interface to an Ethernet PortChannel group. See the "IP Access Control Lists" section on page 29-1 for information on configuring IP-ACLs.

Follow these guidelines when configuring IP-ACLs for Gigabit Ethernet interfaces:

- Only use Transmission Control Protocol (TCP) or Internet Control Message Protocol (ICMP).
  Note: Other protocols, such as User Datagram Protocol (UDP) and HTTP, are not supported in Gigabit Ethernet interfaces. Applying an ACL that contains rules for these protocols to a Gigabit Ethernet interface is allowed, but those rules have no effect.
- Apply IP-ACLs to the interface before you enable an interface. This ensures that the filters are in place before traffic starts flowing.
- Be aware of the following conditions:
  - If you use the log-deny option, a maximum of 50 messages are logged per second.
  - The established, precedence, and fragments options are ignored when you apply IP-ACLs (containing these options) to Gigabit Ethernet interfaces.
  - If an IP-ACL rule applies to a pre-existing TCP connection, that rule is ignored. For example, if there is an existing TCP connection between A and B, and an IP-ACL that specifies dropping all packets whose source is A and destination is B is subsequently applied, it will have no effect.

Applying IP-ACLs on Gigabit Ethernet Interfaces

To apply an IP-ACL on a Gigabit Ethernet interface, follow these steps:

Step 1
Command: switch# config t
Purpose: Enters configuration mode.

Step 2
Command: switch(config)# interface gigabitethernet 3/1
         switch(config-if)#
Purpose: Configures a Gigabit Ethernet interface (3/1).

Step 3
Command: switch(config-if)# ip access-group SampleName
Purpose: Applies the IP-ACL SampleName on Gigabit Ethernet 3/1 for both ingress and egress traffic (if the association does not exist already).

Cisco MDS 9000 Family Configuration Guide, Chapter 37, Configuring IP Storage, page 37-10. OL-6973-03, Cisco MDS SAN-OS Release 2.x
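Because an ACL containing unsupported rules is accepted without error, a configuration review can catch filters that look effective but are not. The following is an added example, not part of the Cisco guide: a small auditor that reports rules in ACLs applied to Gigabit Ethernet interfaces which the guidelines above say have no effect. The sample configuration is constructed, and the single-line `ip access-list NAME permit|deny PROTOCOL ...` rule form is an assumption; only the `interface gigabitethernet` and `ip access-group` lines come from this page.

```python
import re

# Constructed sample config. The interface and ip access-group lines follow the
# page; the single-line "ip access-list NAME ACTION PROTOCOL ..." rule form is
# an assumption, adjust ACL_RE if your running-config differs.
SAMPLE_CONFIG = """\
ip access-list SampleName permit tcp 10.1.1.0 0.0.0.255 any
ip access-list SampleName permit udp any any
ip access-list SampleName deny tcp any any established
ip access-list SampleName deny icmp any any log-deny
ip access-list FcOnly permit udp any any
interface gigabitethernet 3/1
  ip access-group SampleName
interface mgmt0
  ip access-group FcOnly
"""

ACL_RE = re.compile(r"^ip access-list (\S+) (permit|deny) (\S+)(.*)$")
IGNORED_OPTIONS = ("established", "precedence", "fragments")


def audit(config):
    """Return (interface, acl, rule, reason) for rules the guidelines say are inert."""
    acls, applied, iface = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((line, m.group(3).lower(), m.group(4).split()))
            iface = None
        elif line.lower().startswith("interface "):
            iface = line.split(None, 1)[1].lower()
        elif line.startswith("ip access-group ") and iface and iface.startswith("gigabitethernet"):
            applied.append((iface, line.split()[2]))
    findings = []
    for iface, name in applied:
        for rule, proto, opts in acls.get(name, []):
            if proto not in ("tcp", "icmp"):
                findings.append((iface, name, rule, f"protocol {proto}: only TCP or ICMP rules take effect"))
            for opt in IGNORED_OPTIONS:
                if opt in opts:
                    findings.append((iface, name, rule, f"option {opt} is ignored"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(" | ".join(finding))
```

The UDP rule in FcOnly is not reported because that ACL is applied to an interface other than Gigabit Ethernet, where these guidelines do not apply.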
