Chapter 16 ACLs; Information About Access Control Lists; ACL Configuration Limits - Cisco Nexus 1000V Troubleshooting Manual

Switch for VMware vSphere, Release 5.2(1)SV3(1.1)

ACLs
This chapter describes how to identify and resolve problems that relate to Access Control Lists (ACLs)
and includes the following sections:

- Information About Access Control Lists
- ACL Configuration Limits
- ACL Restrictions
- ACL Troubleshooting Commands
- Displaying ACL Policies on the VEM
- Debugging Policy Verification Issues
- Troubleshooting ACL Logging

Information About Access Control Lists

An ACL is an ordered set of rules for filtering traffic. When the device determines that an ACL applies
to a packet, it tests the packet against the rules. The first matching rule determines whether the packet is
permitted or denied. If there is no match, the device applies a default rule. The device processes packets
that are permitted and drops packets that are denied.

ACLs protect networks and specific hosts from unnecessary or unwanted traffic. For example, ACLs can be
used to disallow HTTP traffic from a high-security network to the Internet. ACLs can also allow HTTP traffic
but only to specific sites, using the IP address of the site to identify it in an IP ACL.

The following types of ACLs are supported for filtering traffic:

- IP ACLs—The device applies IP ACLs only to IP traffic.
- MAC ACLs—The device applies MAC ACLs only to non-IP traffic.
- IPv6—The device applies IPv6 ACLs only to IPv6 traffic.

For detailed information about how ACL rules are used to configure network traffic, see the Cisco Nexus
1000V Security Configuration Guide.

ACL Configuration Limits

The following configuration limits apply to ACLs:

- You cannot have more than 128 rules in an ACL.
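
The first-match evaluation and the 128-rule limit described above, as an added Python example that is not taken from the Cisco guide. It models only IPv4 source, destination and TCP destination port; the `Rule` class, the helper names and the addresses are constructed for illustration, and the default rule is assumed to be deny (the page says only that a default rule applies).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 128  # per-ACL rule limit stated on this page

@dataclass(frozen=True)
class Rule:  # hypothetical model of one ACL rule, not Cisco syntax
    action: str           # "permit" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    dport: Optional[int]  # TCP destination port, None = any port

    def matches(self, src, dst, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

    def covers(self, other):  # True if every packet matching `other` matches self
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.dport in (None, other.dport))

def evaluate(acl, src, dst, dport, default="deny"):
    """Return (action, rule number); the first matching rule decides."""
    for seq, rule in enumerate(acl, start=1):
        if rule.matches(src, dst, dport):
            return rule.action, seq
    return default, None  # no match: default rule (deny is an assumption)

def audit(acl):
    """Flag an over-limit ACL and rules that an earlier rule makes unreachable."""
    findings = []
    if len(acl) > MAX_RULES:
        findings.append(f"{len(acl)} rules exceeds the limit of {MAX_RULES}")
    for i, later in enumerate(acl):
        hit = next((j for j, e in enumerate(acl[:i]) if e.covers(later)), None)
        if hit is not None:
            findings.append(f"rule {i + 1} is shadowed by rule {hit + 1}")
    return findings

# Constructed sample: 10.10.0.0/16 = high-security network, 192.0.2.10 = approved site.
GOOD = [Rule("permit", "10.10.0.0/16", "192.0.2.10/32", 80),
        Rule("deny", "10.10.0.0/16", "0.0.0.0/0", 80)]
MISORDERED = list(reversed(GOOD))  # broad deny now precedes the specific permit

if __name__ == "__main__":
    print(evaluate(MISORDERED, "10.10.1.5", "192.0.2.10", 80), audit(MISORDERED))
```

With the rules reversed, the approved site is denied by rule 1 and the audit reports the permit as shadowed, which is the ordering mistake to look for when a permitted flow is unexpectedly dropped.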

Cisco Nexus 1000V Troubleshooting Guide, Release 5.2(1)SV3(1.1)
OL-31593-01
