Configuring Access Control Lists; Information About Acls; Ip Acl Types And Applications - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Configuring Access Control Lists

This chapter contains the following sections:
•
•
•
•
•
•
•
•

Information About ACLs

An access control list (ACL) is an ordered set of rules that you can use to filter traffic. Each rule specifies a
set of conditions that a packet must satisfy to match the rule. When the switch determines that an ACL applies
to a packet, it tests the packet against the conditions of all rules. The first match determines whether the packet
is permitted or denied. If there is no match, the switch applies the applicable default rule. The switch continues
processing packets that are permitted and drops packets that are denied.
You can use ACLs to protect networks and specific hosts from unnecessary or unwanted traffic. For example,
you could use ACLs to disallow HTTP traffic from a high-security network to the Internet. You could also
use ACLs to allow HTTP traffic but only to specific sites, using the IP address of the site to identify it in an
IP ACL.

IP ACL Types and Applications

The Cisco Nexus 5000 Series switch supports IPv4, IPv6, and MAC ACLs for security traffic filtering. The
switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in the following table.
OL-16597-01
Information About ACLs, page 279
Configuring IP ACLs, page 283
Configuring MAC ACLs, page 287
Example Configuration for MAC ACLs, page 291
Information About VLAN ACLs, page 291
Configuring VACLs, page 292
Example Configuration for VACL, page 295
Default ACL Settings, page 295
C H A P T E R
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
21
279