Configuring IP ACLs
Default Settings for IP ACLs
This table lists the default settings for IP ACL parameters.
Table 14: Default IP ACL Parameters
Parameters        Default
IP ACLs           No IP ACLs exist by default
IP ACL entries    1024
ACL rules         Implicit rules apply to all ACLs
Object groups     No object groups exist by default
Time ranges       No time ranges exist by default
Related Topics
Implicit Rules for IP and MAC ACLs, on page 217
Configuring IP ACLs
Creating an IP ACL
You can create an IPv4 ACL or IPv6 ACL on the device and add rules to it.
Before you begin
We recommend that you perform the ACL configuration using the Session Manager. This feature allows you
to verify the ACL configuration and confirm that the resources required by the configuration are available
prior to committing them to the running configuration. This feature is especially useful for ACLs that include
more than about 1000 rules.
SUMMARY STEPS
1. configure terminal
2. Enter one of the following commands:
   • ip access-list name
   • ipv6 access-list name
3. (Optional) fragments {permit-all | deny-all}
4. [sequence-number] {permit | deny} protocol {source-ip-prefix | source-ip-mask} {destination-ip-prefix | destination-ip-mask}
5. (Optional) statistics per-entry
6. (Optional) Enter one of the following commands:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
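The summary steps above, carried through for one IPv4 and one IPv6 ACL, as an added example that is not taken from the Cisco guide. The ACL names and the documentation-range addresses (RFC 5737, RFC 3849) are constructed placeholders; the show and copy commands at the end are standard NX-OS commands added for verification, not a reconstruction of the truncated step 6.

```cisco
! Constructed example: ACL names and addresses are placeholders.
! Step 1: enter global configuration mode.
configure terminal
!
! Step 2: create the IPv4 ACL and enter its configuration mode.
ip access-list acl-mgmt-v4
  ! Step 3 (optional): non-initial fragments that match no
  ! explicit rule in this ACL are denied.
  fragments deny-all
  ! Step 4: rules in the form
  ! [sequence-number] {permit | deny} protocol source destination.
  ! Gaps of 10 leave room to insert rules later.
  10 permit tcp 192.0.2.0/24 198.51.100.10/32
  20 permit udp 192.0.2.0/24 198.51.100.53/32
  ! Explicit final deny: the implicit rules still apply, but an
  ! explicit rule gets its own hit counter.
  30 deny ip any any
  ! Step 5 (optional): keep a hit counter for each rule.
  statistics per-entry
  exit
!
! Step 2 again, this time for an IPv6 ACL.
ipv6 access-list acl-mgmt-v6
  10 permit tcp 2001:db8:1::/64 2001:db8:2::10/128
  20 deny ipv6 any any
  statistics per-entry
  end
!
! Verification: review each ACL and its per-entry counters.
show ip access-lists acl-mgmt-v4
show ipv6 access-lists acl-mgmt-v6
!
! Persist the change across reloads.
copy running-config startup-config
```

Neither ACL filters any traffic until it is applied to an interface or line, which this section does not cover.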