Cisco Nexus 7000 Series Command Reference Manual page 576

permit (IPv4)
• icmp—Specifies that the rule applies to ICMP traffic only. When you use this keyword, the icmp-message
argument is available, in addition to the keywords that are available for all valid values of the protocol
argument.
• igmp—Specifies that the rule applies to IGMP traffic only. When you use this keyword, the igmp-type
argument is available, in addition to the keywords that are available for all valid values of the protocol
argument.
• ip—Specifies that the rule applies to all IPv4 traffic.
• nos—Specifies that the rule applies to KA9Q NOS-compatible IP-over-IP tunneling traffic only.
• ospf—Specifies that the rule applies to Open Shortest Path First (OSPF) traffic only.
• pcp—Specifies that the rule applies to payload compression protocol (PCP) traffic only.
• pim—Specifies that the rule applies to protocol-independent multicast (PIM) traffic only.
• tcp—Specifies that the rule applies to TCP traffic only. When you use this keyword, the flags and
operator arguments and the portgroup and established keywords are available, in addition to the
keywords that are available for all valid values of the protocol argument.
• udp—Specifies that the rule applies to UDP traffic only. When you use this keyword, the operator
argument and the portgroup keyword are available, in addition to the keywords that are available for
all valid values of the protocol argument.
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method you
use to specify one of these arguments does not affect how you specify the other. When you configure a rule,
use the following methods to specify the source and destination arguments:
• IP address group object—You can use an IPv4 address group object to specify a source or destination
argument. Use the object-group ip address command to create and change IPv4 address group objects.
The syntax is as follows:
addrgroup address-group-name
The following example shows how to use an IPv4 address object group named lab-gateway-svrs to specify
the destination argument:
switch(config-acl)# permit ip any addrgroup lab-gateway-svrs
• Address and network wildcard—You can use an IPv4 address followed by a network wildcard to specify
a host or a network as a source or destination. The syntax is as follows:
IPv4-address network-wildcard
The following example shows how to specify the source argument with the IPv4 address and network wildcard
for the 192.168.67.0 subnet:
switch(config-acl)# permit tcp 192.168.67.0 0.0.0.255 any
• Address and variable-length subnet mask—You can use an IPv4 address followed by a variable-length
subnet mask (VLSM) to specify a host or a network as a source or destination. The syntax is as follows:
IPv4-address/prefix-len
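
The following Python example is added here and is not part of the Cisco documentation. It evaluates the address-and-wildcard and address/prefix-len forms above using wildcard matching (wildcard bits set to 1 are ignored) and flags a wildcard that looks like a mistyped subnet mask. The function names and lint rules are assumptions of this example.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_spec(spec):
    """Return (address, wildcard) as ints for 'IPv4-address network-wildcard'
    or 'IPv4-address/prefix-len'."""
    if "/" in spec:
        addr, plen = spec.split("/")
        plen = int(plen)
        if not 0 <= plen <= 32:
            raise ValueError("prefix-len must be 0..32")
        return to_int(addr), FULL >> plen   # /24 -> wildcard 0.0.0.255
    addr, wildcard = spec.split()
    return to_int(addr), to_int(wildcard)

def matches(spec, ip):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    addr, wc = parse_spec(spec)
    return ((to_int(ip) ^ addr) & ~wc & FULL) == 0

def is_low_run(x):
    """True when x is a contiguous run of low-order 1 bits (or zero)."""
    return (x & (x + 1)) == 0

def audit(spec):
    """Lint heuristics (assumptions of this example, not NX-OS behaviour)."""
    addr, wc = parse_spec(spec)
    if is_low_run(wc):
        if addr & wc:
            return ["address has bits set that the wildcard ignores"]
        return []
    if is_low_run(~wc & FULL):
        return ["wildcard looks like a subnet mask; rule matches on the wrong bits"]
    return ["non-contiguous wildcard; confirm it is intentional"]

if __name__ == "__main__":
    # Constructed sample specs; the first is the subnet from the example above.
    for spec in ("192.168.67.0 0.0.0.255", "192.168.67.0/24",
                 "192.168.67.0 255.255.255.0", "192.168.67.9 0.0.0.255"):
        print(f"{spec:30} {audit(spec) or 'ok'}")
```

With the mask typed in place of the wildcard (192.168.67.0 255.255.255.0), matches() returns True for 10.1.2.0 and False for 192.168.67.5, because only the last octet is compared.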
Cisco Nexus 7000 Series Security Command Reference
P Commands