Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 or IPv6 ACL on the switch and add rules to it.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# {ip | ipv6 } access-list name
3. switch(config-acl)# [sequence-number] {permit|deny} protocol source destination
4. (Optional) switch(config-acl)# statistics
5. (Optional) switch# show {ip | ipv6} access-lists name
6. (Optional) switch# copy running-config startup-config
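The steps above as one worked session. This is an added illustration, not taken from the Cisco guide; the ACL name acl-mgmt-ssh, the documentation-range addresses and the SSH port are assumed values chosen for the example.

```cisco
! Constructed example: the name, addresses and port are illustrative only.
switch# configure terminal
! Step 2: create the IPv4 ACL (the name may be up to 64 characters).
switch(config)# ip access-list acl-mgmt-ssh
! Step 3: add rules. Sequence numbers are spaced by 10 so that a rule
! can be added between two existing ones later (for example as 15)
! without re-entering the rest of the list.
switch(config-acl)# 10 permit tcp 192.0.2.0/24 198.51.100.10/32 eq 22
switch(config-acl)# 20 deny tcp any 198.51.100.10/32 eq 22
switch(config-acl)# 30 permit ip any any
! Step 4 (optional): keep global statistics for packets matching the rules.
switch(config-acl)# statistics
switch(config-acl)# exit
switch(config)# exit
! Step 5 (optional): review the ACL before relying on it.
switch# show ip access-lists acl-mgmt-ssh
! Step 6 (optional): make the change persistent.
switch# copy running-config startup-config
```

Rule order matters here: rule 10 must precede rule 20, or the management subnet would be denied along with everything else.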
DETAILED STEPS

Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command or Action: switch(config)# {ip | ipv6} access-list name
Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
Command or Action: switch(config-acl)# [sequence-number] {permit|deny} protocol source destination
Purpose: Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295.
The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Step 4
Command or Action: switch(config-acl)# statistics
Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL.

Step 5
Command or Action: switch# show {ip | ipv6} access-lists name
Purpose: (Optional) Displays the IP ACL configuration.

Step 6
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.

in the use of one whole LOU. Any additional rules using a "gt 10" couple would not result in further LOU usage.

OL-20919-01
Cisco Nexus 5000 Series NX-OS Security Configuration Guide