Cisco Nexus 9000 Series Configuration Manual page 291

NX-OS Security Configuration Guide, Release 9.x

Configuring IP ACLs
Configuring ACLs Using HTTP Methods to Redirect Requests
• put
• trace

Before you begin
Enable the double-wide TCAM for the IFACL region using the hardware access-list tcam region ifacl 512 double-wide command. This command applies to the global configuration. Reload the switch for this configuration to take effect.

SUMMARY STEPS
1. configure terminal
2. ip access-list name
3. [sequence-number] permit protocol source destination http-method method [tcp-option-length length] [redirect interface]
4. (Optional) show ip access-lists name
5. (Optional) show run interface interface slot/port

DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: ip access-list name
Example:
switch(config)# ip access-list acl-01
switch(config-acl)#
Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
Command or Action: [sequence-number] permit protocol source destination http-method method [tcp-option-length length] [redirect interface]
Example:
switch(config-acl)# permit tcp 1.1.1.1/32 any http-method get
Purpose: Configures the ACL to redirect specific HTTP methods to a server.
The following HTTP methods are supported:
• connect—Matches HTTP packets with the CONNECT method [0x434f4e4e]
• delete—Matches HTTP packets with the DELETE method [0x44454c45]
• get—Matches HTTP packets with the GET method [0x47455420]
• head—Matches HTTP packets with the HEAD method [0x48454144]
• post—Matches HTTP packets with the POST method [0x504f5354]
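
An added example (not from the Cisco guide): each bracketed value above is the first four ASCII bytes of that method's request line, so the sketch below derives the values and applies the same 4-byte comparison to constructed TCP segments. It assumes the match is made on the first four payload bytes and that tcp-option-length is the size in bytes of the TCP options preceding them, neither of which this page states; the helper names are hypothetical.

```python
import struct

# Method keywords as they appear in the ACL syntax on this page.
METHODS = ["connect", "delete", "get", "head", "post", "put", "trace"]

def method_word(method: str) -> int:
    """32-bit match value: first four ASCII bytes of '<METHOD> <target> ...'."""
    prefix = (method.upper() + " ").encode("ascii")[:4]  # 'GET' picks up the space
    return struct.unpack("!I", prefix)[0]

WORDS = {method_word(m): m for m in METHODS}

def build_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample data: 20-byte TCP header + options + payload."""
    if len(options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                         data_offset << 4, 0x18, 65535, 0, 0)
    return header + options + payload

def classify(segment: bytes, tcp_option_length: int = 0):
    """Return the method keyword whose value the segment matches, else None."""
    header_len = (segment[12] >> 4) * 4
    # Assumption: an entry only matches segments whose TCP options are exactly
    # tcp_option_length bytes, because that fixes where the payload starts.
    if header_len - 20 != tcp_option_length:
        return None
    word = segment[header_len:header_len + 4]
    if len(word) < 4:
        return None
    return WORDS.get(struct.unpack("!I", word)[0])

if __name__ == "__main__":
    for m in METHODS:
        print(f"{m:8s} 0x{method_word(m):08x}")
    nop_options = b"\x01" * 12  # twelve NOP option bytes (constructed)
    for payload, opts, optlen in [
        (b"GET /index.html HTTP/1.1\r\n", b"", 0),
        (b"POST /login HTTP/1.1\r\n", nop_options, 12),
        (b"POST /login HTTP/1.1\r\n", nop_options, 0),
        (b"TRACK / HTTP/1.1\r\n", b"", 0),
        (b"PATCH /item HTTP/1.1\r\n", b"", 0),
    ]:
        print(payload[:12], optlen, classify(build_segment(payload, opts), optlen))
```

Under these assumptions a four-byte comparison cannot tell `TRACK` from `TRACE`, and a segment whose option length differs from the configured value is not classified at all, so the result of step 4 (`show ip access-lists name`) is worth checking against real traffic before relying on the redirect.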