Implicit Rules; Additional Filtering Options - Cisco Nexus 5000 Series Configuration Manual

NX-OS Security Configuration Guide
Configuring Access Control Lists

Implicit Rules

IP ACLs have implicit rules: entries that do not appear in the running configuration but that the switch applies to any packet that matches no other rule in the ACL.
All IPv4 ACLs end with the following implicit rule:
deny ip any any
Because of this rule, the switch denies every IP packet that no explicit entry matches. In practice this means an ACL must contain at least one permit entry for any traffic to pass, and the order of entries matters, since the first matching entry decides the action before the implicit deny is reached.

Additional Filtering Options

You can identify traffic by using additional options. IPv4 ACLs support the following additional filtering
options:
• Layer 4 protocol
• TCP and UDP ports
• ICMP types and codes
• IGMP types
• Precedence level
• Differentiated Services Code Point (DSCP) value
• TCP packets with the ACK, FIN, PSH, RST, SYN, or URG bit set
• Established TCP connections
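To make the first-match logic, the implicit deny and the `established` option concrete, here is an added Python model of IPv4 ACL evaluation. It is an illustration written for this page, not Cisco code, and it assumes the usual Cisco semantics for `established` (the TCP ACK or RST bit is set) and for a single TCP flag keyword (the named bit is set). The ACL and the packets are constructed for the example.

```python
"""Model of NX-OS IPv4 ACL evaluation: first match wins, and traffic that
matches nothing hits the implicit ``deny ip any any``.

Added illustration for this page; not Cisco code.  The ``established``
semantics (ACK or RST set) follow Cisco's documented definition."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    action: str                     # "permit" or "deny"
    protocol: str                   # "ip", "tcp", "udp" or "icmp"
    src: str                        # "any" or a prefix such as "10.0.0.0/24"
    dst: str
    dst_port: Optional[int] = None  # "eq <port>", tcp/udp only
    established: bool = False       # TCP with ACK or RST bit set
    flag: Optional[str] = None      # ack/fin/psh/rst/syn/urg: match if that bit is set


@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    dst: str
    dst_port: Optional[int] = None
    flags: frozenset = frozenset()  # TCP flag bits that are set


# The implicit rule: never shown in running-config, consulted only after
# every configured entry has failed to match.
IMPLICIT_DENY = Entry("deny", "ip", "any", "any")


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(e: Entry, p: Packet) -> bool:
    """Does configured entry ``e`` match packet ``p``?"""
    if e.protocol != "ip" and e.protocol != p.protocol:
        return False
    if not (_addr_match(e.src, p.src) and _addr_match(e.dst, p.dst)):
        return False
    if e.dst_port is not None and p.dst_port != e.dst_port:
        return False
    # "established" is stateless: it only inspects the ACK/RST bits.
    if e.established and not (p.flags & {"ack", "rst"}):
        return False
    if e.flag is not None and e.flag not in p.flags:
        return False
    return True


def evaluate(acl, p: Packet):
    """Return (action, sequence) of the first matching entry.
    A sequence of None means the implicit deny ip any any was applied."""
    for seq, e in acl:
        if matches(e, p):
            return e.action, seq
    return IMPLICIT_DENY.action, None


def to_nxos(seq: int, e: Entry) -> str:
    """Render an entry the way it appears under ``ip access-list``."""
    parts = [str(seq), e.action, e.protocol, e.src, e.dst]
    if e.dst_port is not None:
        parts += ["eq", str(e.dst_port)]
    if e.established:
        parts.append("established")
    if e.flag:
        parts.append(e.flag)
    return " ".join(parts)


# Constructed ACL, applied inbound on an interface in front of 10.0.0.0/24:
# SSH in, return traffic of sessions opened from the inside, and ICMP.
ACL = [
    (10, Entry("permit", "tcp", "any", "10.0.0.0/24", dst_port=22)),
    (20, Entry("permit", "tcp", "any", "10.0.0.0/24", established=True)),
    (30, Entry("permit", "icmp", "any", "10.0.0.0/24")),
]

# Constructed sample packets from an outside host 198.51.100.7.
SAMPLES = {
    "ssh syn":      Packet("tcp", "198.51.100.7", "10.0.0.5", 22, frozenset({"syn"})),
    "https syn":    Packet("tcp", "198.51.100.7", "10.0.0.5", 443, frozenset({"syn"})),
    "https ack":    Packet("tcp", "198.51.100.7", "10.0.0.5", 443, frozenset({"ack"})),
    "dns udp":      Packet("udp", "198.51.100.7", "10.0.0.5", 53),
    "ping":         Packet("icmp", "198.51.100.7", "10.0.0.5"),
    "ssh other net": Packet("tcp", "198.51.100.7", "10.1.0.5", 22, frozenset({"syn"})),
}


def demo():
    """Evaluate every sample packet; returns {name: (action, sequence)}."""
    return {name: evaluate(ACL, p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for seq, e in ACL:
        print(to_nxos(seq, e))
    for name, (action, seq) in demo().items():
        print(f"{name:15s} -> {action} (entry {seq if seq else 'implicit deny'})")
```

Two things the run makes visible. The UDP and the unmatched-subnet packets are denied by an entry that is not in the configuration at all, which is why an explicit final `deny ip any any` is often added anyway: it changes nothing about what is dropped, but it makes the drops visible as a configured entry. And `established` is a bit test, not connection tracking: the bare-ACK packet to port 443 is permitted by entry 20 whether or not an inside host ever opened that session, so a crafted ACK-only probe passes this ACL while a SYN to the same port does not.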
IPv6 ACLs support the following additional filtering options:
• Layer 4 protocol
• Authentication Header Protocol
• Encapsulating Security Payload
• Payload Compression Protocol
• Stream Control Transmission Protocol (SCTP)
• SCTP, TCP, and UDP ports
• ICMP types and codes
• IGMP types
• Flow label
• DSCP value
• TCP packets with the ACK, FIN, PSH, RST, SYN, or URG bit set
• Established TCP connections
• Packet length
OL-20919-01
Cisco Nexus 5000 Series NX-OS Security Configuration Guide