Cisco Nexus 9000 Series Configuration Manual page 262

NX-OS Security Configuration Guide, Release 9.x

Changing an IP ACL
Step 2
Command or Action: Enter one of the following commands:
• ip access-list name
• ipv6 access-list name
Example:
switch(config)# ip access-list acl-01
switch(config-acl)#
Purpose: Enters IP ACL configuration mode for the ACL that you specify by name.

Step 3
Command or Action: (Optional) [sequence-number] {permit | deny} protocol source destination
Example:
switch(config-acl)# 100 permit ip 192.168.2.0/24 any
Purpose: Creates a rule in the IP ACL. Using a sequence number allows you to specify a position for the rule in the ACL. Without a sequence number, the rule is added to the end of the rules. The sequence-number argument can be a whole number between 1 and 4294967295.
The permit and deny commands support many ways of identifying traffic.

Step 4
Command or Action: (Optional) [no] fragments {permit-all | deny-all}
Example:
switch(config-acl)# fragments permit-all
Purpose: Optimizes fragment handling for noninitial fragments. When a device applies to traffic an ACL that contains the fragments command, the fragments command only matches noninitial fragments that do not match any explicit permit or deny commands in the ACL.
The no option removes fragment-handling optimization.

Step 5
Command or Action: (Optional) no {sequence-number | {permit | deny} protocol source destination}
Example:
switch(config-acl)# no 80
Purpose: Removes the rule that you specified from the IP ACL.
The permit and deny commands support many ways of identifying traffic.

Step 6
Command or Action: (Optional) [no] statistics per-entry
Example:
switch(config-acl)# statistics per-entry
Purpose: Specifies that the device maintains global statistics for packets that match the rules in the ACL.
The no option stops the device from maintaining global statistics for the ACL.

Step 7
Command or Action: (Optional) Enter one of the following commands:
• show ip access-lists name
• show ipv6 access-lists name
Example:
switch(config-acl)# show ip access-lists acl-01
Purpose: Displays the IP ACL configuration.

Step 8
Command or Action: (Optional) copy running-config startup-config
Example:
switch(config-acl)# copy running-config startup-config
Purpose: Copies the running configuration to the startup configuration.

Related Topics
Changing Sequence Numbers in an IP ACL, on page 238
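Why the sequence number in Steps 3 and 5 matters when changing a live ACL, shown as an added example that is not part of the Cisco guide: a small Python model of rule ordering in which a deny added without a sequence number lands behind a broader permit and never takes effect. The names IpAcl and demo are hypothetical, the rules are constructed, matching is on source address only, and the model assumes ascending first-match evaluation with an implicit deny and an increment of 10 for appended rules.

```python
import ipaddress

SEQ_MAX = 4294967295  # upper bound for sequence-number stated in Step 3


class IpAcl:
    """Toy model of IP ACL rule ordering (illustration only, not NX-OS code)."""

    def __init__(self, name):
        self.name = name
        self.rules = {}  # sequence number -> (action, source network)

    def add(self, action, source, seq=None):
        if seq is None:
            # Assumption: an appended rule gets the last sequence number + 10.
            seq = max(self.rules, default=0) + 10
        if not 1 <= seq <= SEQ_MAX:
            raise ValueError("sequence number out of range")
        if seq in self.rules:
            raise ValueError("sequence number in use")  # model choice
        net = ipaddress.ip_network("0.0.0.0/0" if source == "any" else source)
        self.rules[seq] = (action, net)
        return seq

    def remove(self, seq):
        # Models "no <sequence-number>" from Step 5.
        del self.rules[seq]

    def evaluate(self, src_ip):
        # Assumption: rules are checked in ascending order, first match decides.
        addr = ipaddress.ip_address(src_ip)
        for seq in sorted(self.rules):
            action, net = self.rules[seq]
            if addr in net:
                return action, seq
        return "deny", None  # implicit deny when no rule matches


def demo():
    acl = IpAcl("acl-01")                        # constructed sample rules
    acl.add("permit", "192.168.0.0/16", seq=80)
    acl.add("permit", "10.0.0.0/8", seq=100)
    appended = acl.add("deny", "192.168.2.0/24")  # no sequence number: goes last
    shadowed = acl.evaluate("192.168.2.5")        # broader permit 80 wins
    acl.remove(appended)
    acl.add("deny", "192.168.2.0/24", seq=70)     # placed ahead of rule 80
    fixed = acl.evaluate("192.168.2.5")
    acl.remove(80)                                # "no 80"
    after_removal = acl.evaluate("192.168.7.1")   # nothing matches any more
    return appended, shadowed, fixed, after_removal
```

The last value shows the other side of Step 5: removing a permit leaves traffic it covered to fall through to the implicit deny, so reviewing the result with Step 7 before saving in Step 8 is worthwhile.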
Configuring IP ACLs
