Configuring IP ACLs
Applying an IP ACL as a Port ACL
You can apply an IPv4 or IPv6 ACL to a physical Ethernet interface or an EtherChannel. ACLs applied to
these interface types are considered port ACLs.
Note
Some configuration parameters when applied to an EtherChannel are not reflected on the configuration
of the member ports.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface {ethernet [chassis/]slot/port | port-channel channel-number}
3. switch(config-if)# {ip port access-group | ipv6 port traffic-filter} access-list in
4. (Optional) switch# show running-config
5. (Optional) switch# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# interface {ethernet [chassis/]slot/port | port-channel channel-number}
Purpose: Enters interface configuration mode for the specified interface.
Step 3
Command or Action: switch(config-if)# {ip port access-group | ipv6 port traffic-filter} access-list in
Purpose: Applies an IPv4 or IPv6 ACL to the interface or EtherChannel. Only inbound filtering is supported with port ACLs. You can apply one port ACL to an interface.
Step 4
Command or Action: switch# show running-config
Purpose: (Optional) Displays ACL configuration.
Step 5
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
Verifying IP ACL Configurations
To display IP ACL configuration information, perform one of the following tasks:
SUMMARY STEPS
1. switch# show running-config
2. switch# show running-config interface
Cisco Nexus 5000 Series NX-OS Security Configuration Guide
OL-20919-01
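An added example, not part of the Cisco guide: a Python check over saved show running-config output that flags interfaces with no port ACL, port ACL bindings that name an undefined ACL, and any direction other than in. The sample configuration and ACL names are constructed, and treating a channel-group member as covered by its EtherChannel's port ACL is an assumption.

```python
import re

# Constructed `show running-config` excerpt; all names are made up.
SAMPLE_CONFIG = """\
ip access-list acl-web
  10 permit tcp any any eq 80
interface Ethernet1/1
  ip port access-group acl-web in
interface Ethernet1/2
  ipv6 port traffic-filter acl-v6 in
interface Ethernet1/3
  channel-group 10
interface Ethernet1/4
interface port-channel10
  ip port access-group acl-web in
"""

ACL_DEF = re.compile(r"^(ip|ipv6) access-list (\S+)")
IFACE = re.compile(r"^interface (\S+)")
PORT_ACL = re.compile(r"^\s+(?:(ip) port access-group|(ipv6) port traffic-filter) (\S+)\s*(\S*)")
MEMBER = re.compile(r"^\s+channel-group (\d+)")

def audit_port_acls(config):
    """Return sorted (interface, problem) pairs for port ACL bindings."""
    defined, bound, member_of, current = set(), {}, {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():
            current = None  # any top-level line ends an interface block
        if m := ACL_DEF.match(line):
            defined.add((m.group(1), m.group(2)))
        elif m := IFACE.match(line):
            current = m.group(1)
            bound[current] = []
        elif current and (m := PORT_ACL.match(line)):
            bound[current].append((m.group(1) or m.group(2), m.group(3), m.group(4)))
        elif current and (m := MEMBER.match(line)):
            member_of[current] = f"port-channel{m.group(1)}"
    findings = []
    for iface, acls in bound.items():
        # Assumption: a member port is covered by its EtherChannel's port ACL.
        if not acls and not bound.get(member_of.get(iface)):
            findings.append((iface, "no port ACL"))
        for family, name, direction in acls:
            if (family, name) not in defined:
                findings.append((iface, f"undefined {family} ACL {name}"))
            if direction != "in":  # the guide: port ACLs filter inbound only
                findings.append((iface, f"direction {direction or 'missing'}"))
    return sorted(findings)
```

On the sample, Ethernet1/2 is reported because acl-v6 is never defined, and Ethernet1/4 because it has neither a port ACL nor an EtherChannel that carries one.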