Cisco Nexus 5000 Series CLI Configuration Manual, page 276


Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, OL-16597-01
Chapter 1: Configuring ACLs
Information About ACLs
Send feedback to nx5000-docfeedback@cisco.com

Table 1-1 Security ACL Applications

Application: Port ACL
Supported Interfaces: An ACL is considered a port ACL when you apply it to one of the following:
  Ethernet interface
  Ethernet port-channel interface
When a port ACL is applied to a trunk port, the ACL filters traffic on all VLANs on the trunk port.
Types of ACLs Supported:
  IPv4 ACLs
  IPv6 ACLs
  MAC ACLs

Application: VLAN ACL (VACL)
Supported Interfaces: An ACL is a VACL when you use an access map to associate the ACL with an action, and then apply the map to a VLAN.
Types of ACLs Supported:
  IPv4 ACLs
  IPv6 ACLs
  MAC ACLs

Application Order
When the switch processes a packet, it determines the forwarding path of the packet. The path determines which ACLs the switch applies to the traffic. The switch applies the ACLs in the following order:
  Port ACL

Rules
You can create rules in access-list configuration mode by using the permit or deny command. The switch allows traffic that matches the criteria in a permit rule and blocks traffic that matches the criteria in a deny rule. You have many options for configuring the criteria that traffic must meet in order to match the rule.
This section includes the following topics:
  Source and Destination
  Protocols
  Implicit Rules
  Additional Filtering Options
  Sequence Numbers
  Logical Operators and Logical Operation Units

Source and Destination
In each rule, you specify the source and the destination of the traffic that matches the rule. You can specify both the source and destination as a specific host, a network or group of hosts, or any host.

Protocols
ACLs allow you to identify traffic by protocol. For your convenience, you can specify some protocols by name. For example, in an IPv4 ACL, you can specify ICMP by name.
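The rule matching described under Rules, Source and Destination, and Protocols can be modelled offline to check what a rule set will do before it is applied. The following is an added example, not code from the Cisco guide: the function names and the sample ACL are constructed, and it assumes rules are checked in ascending sequence-number order, the first match decides, and unmatched traffic is denied. It covers only the three address forms (host, network, any) and protocol names, with no ports or other filtering options.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D/len'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(tokens[0]), tokens[1:]

def parse_rule(line):
    """Parse '<seq> permit|deny <protocol> <source> <destination>'."""
    seq, action, proto, *rest = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    src, rest = parse_addr(rest)
    dst, rest = parse_addr(rest)
    if rest:
        raise ValueError(f"unsupported trailing options: {rest}")
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": src, "dst": dst}

def evaluate(rules, proto, src, dst):
    """Return (action, seq) of the first matching rule, lowest sequence first."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r["seq"]):
        # The 'ip' keyword stands for any IPv4 protocol.
        if (rule["proto"] in ("ip", proto)
                and src_ip in rule["src"] and dst_ip in rule["dst"]):
            return rule["action"], rule["seq"]
    return "deny", None  # assumption: implicit deny when no rule matches

# Constructed sample ACL (addresses are illustrative, not from the guide).
SAMPLE_ACL = """\
10 permit icmp host 10.1.1.5 any
20 deny icmp 10.1.1.0/24 any
30 permit tcp 10.1.1.0/24 10.2.0.0/16
40 permit ip any host 10.2.2.2
"""
RULES = [parse_rule(line) for line in SAMPLE_ACL.splitlines()]

if __name__ == "__main__":
    for pkt in [("icmp", "10.1.1.5", "192.0.2.1"),   # host rule wins
                ("icmp", "10.1.1.9", "10.2.2.2"),    # rule 20 hides rule 40
                ("udp", "172.16.0.1", "10.2.2.3")]:  # falls to implicit deny
        print(pkt, "->", evaluate(RULES, *pkt))
```

The second sample packet shows why rule order matters: rule 40 would permit it, but the broader deny at sequence 20 matches first.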
