Configuring IP ACLs
Monitoring and Clearing IP ACL Statistics
To monitor or clear IP ACL statistics, use one of the commands in this table.

Command                            Purpose
show ip access-lists               Displays the IPv4 ACL configuration. If the IPv4 ACL includes the statistics per-entry command, the show ip access-lists command output includes the number of packets that have matched each rule.
show ipv6 access-lists             Displays the IPv6 ACL configuration. If the IPv6 ACL includes the statistics per-entry command, the show ipv6 access-lists command output includes the number of packets that have matched each rule.
clear ip access-list counters      Clears statistics for all IPv4 ACLs or for a specific IPv4 ACL.
clear ipv6 access-list counters    Clears statistics for all IPv6 ACLs or for a specific IPv6 ACL.
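The per-entry counters are only useful if something reads them. The script below is an added example (not from the guide or from NX-OS) that parses the text of show ip access-lists for ACLs configured with statistics per-entry and reports deny rules that are accumulating hits, plus ACLs that have no counters at all. The sample output is constructed; the "[match=N]" suffix and the "statistics per-entry" line are assumed to follow the NX-OS display format.

```python
"""Parse 'show ip access-lists' output with per-entry statistics and report
which rules are being hit. Added example; not part of the guide or of NX-OS."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample output. Assumed format: an "IP access list <name>" header,
# an optional "statistics per-entry" line, then "<seq> <action> <match> [match=N]".
SAMPLE_OUTPUT = """\
IP access list acl-01
        statistics per-entry
        10 permit ip 192.168.2.0/24 any [match=1532]
        20 deny ip any any [match=47]
IP access list single-source
        10 permit tcp 192.168.7.0/24 any
"""

HEADER_RE = re.compile(r"^IP access list (\S+)")
RULE_RE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*?)\s*(?:\[match=(\d+)\])?\s*$")


@dataclass
class Rule:
    seq: int
    action: str
    text: str
    matches: Optional[int]  # None when the ACL has no per-entry statistics


@dataclass
class Acl:
    name: str
    stats: bool = False
    rules: List[Rule] = field(default_factory=list)


def parse_show_ip_access_lists(output: str) -> Dict[str, Acl]:
    """Build one Acl per 'IP access list' block, keeping rule order."""
    acls: Dict[str, Acl] = {}
    current: Optional[Acl] = None
    for line in output.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Acl(m.group(1))
            acls[current.name] = current
            continue
        if current is None:
            continue
        if line.strip() == "statistics per-entry":
            current.stats = True
            continue
        m = RULE_RE.match(line)
        if m:
            seq, action, text, count = m.groups()
            current.rules.append(
                Rule(int(seq), action, text, int(count) if count else None))
    return acls


def deny_hits(acls: Dict[str, Acl]) -> List[Tuple[str, int, int]]:
    """(acl, seq, count) for every deny rule whose counter is nonzero:
    traffic that the policy is actively dropping and that may deserve a look."""
    return [(a.name, r.seq, r.matches) for a in acls.values()
            for r in a.rules if r.action == "deny" and r.matches]


def unmonitored_acls(acls: Dict[str, Acl]) -> List[str]:
    """ACLs configured without 'statistics per-entry', so no hit data exists."""
    return [a.name for a in acls.values() if not a.stats]


if __name__ == "__main__":
    parsed = parse_show_ip_access_lists(SAMPLE_OUTPUT)
    for name, seq, count in deny_hits(parsed):
        print(f"{name}: rule {seq} has dropped {count} packets")
    for name in unmonitored_acls(parsed):
        print(f"{name}: no per-entry statistics, add 'statistics per-entry'")
```

Run it against the saved output of show ip access-lists (or show ipv6 access-lists, after adjusting the header pattern). Because clear ip access-list counters resets the numbers, snapshot and diff the counts between clears rather than reading a single absolute value.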
Configuration Examples for IP ACLs
The following example shows how to create an IPv4 ACL named acl-01 and apply it as a port ACL to Ethernet interface 2/1, which is a Layer 2 interface:
ip access-list acl-01
permit ip 192.168.2.0/24 any
interface ethernet 2/1
ip port access-group acl-01 in
The following example shows how to create an IPv6 ACL named acl-120 and apply it as a router ACL to Ethernet interface 2/3, which is a Layer 3 interface:
ipv6 access-list acl-120
permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
permit udp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64
permit tcp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64
permit udp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64
interface ethernet 2/3
ipv6 traffic-filter acl-120 in
The following example shows how to create a VTY ACL named single-source and apply it on input IP traffic over the VTY line. This ACL allows all TCP traffic through and drops all other IP traffic:
ip access-list single-source
permit tcp 192.168.7.5/24 any
exit
line vty
ip access-class single-source in
show ip access-lists
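All three examples rely on the same evaluation model: rules are checked in order, the first matching rule decides, and a packet matching no rule is dropped by the implicit deny. The following added example (not from the guide or from NX-OS) models that behaviour in Python using the acl-120 and single-source rules from the page. The prefix normalisation of a source written as 192.168.7.5/24 to the 192.168.7.0/24 network is an assumption about how the switch stores such a rule.

```python
"""First-match ACL evaluation with implicit deny. Added example that models
the semantics described in the guide; it is not NX-OS code."""
import ipaddress
from typing import List, Optional, Tuple, Union

Net = Optional[Union[ipaddress.IPv4Network, ipaddress.IPv6Network]]
ParsedRule = Tuple[str, str, Net, Net]


def _net(token: str) -> Net:
    # 'any' matches every address. strict=False normalises 192.168.7.5/24 to
    # 192.168.7.0/24 (assumption: the switch applies the same normalisation).
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_rule(text: str) -> ParsedRule:
    """Parse '<permit|deny> <protocol> <source> <destination>'."""
    action, proto, src, dst = text.split()
    return action, proto, _net(src), _net(dst)


def _in(addr: Union[ipaddress.IPv4Address, ipaddress.IPv6Address], net: Net) -> bool:
    return net is None or (addr.version == net.version and addr in net)


def evaluate(rules: List[ParsedRule], proto: str, src_ip: str, dst_ip: str) -> str:
    """Return 'permit' or 'deny' for the first rule that matches the packet.
    'ip' and 'ipv6' rules match any protocol; no match means the implicit deny."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for action, rproto, rsrc, rdst in rules:
        if rproto not in ("ip", "ipv6", proto):
            continue
        if _in(s, rsrc) and _in(d, rdst):
            return action
    return "deny"  # implicit deny at the end of every ACL


# Rules taken from the acl-120 router ACL example on this page.
ACL_120 = [parse_rule(r) for r in (
    "permit tcp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64",
    "permit udp 2001:0db8:85a3::/48 2001:0db8:be03:2112::/64",
    "permit tcp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64",
    "permit udp 2001:0db8:69f2::/48 2001:0db8:be03:2112::/64",
)]

# Rule taken from the single-source VTY ACL example on this page.
SINGLE_SOURCE = [parse_rule("permit tcp 192.168.7.5/24 any")]

if __name__ == "__main__":
    dst = "2001:db8:be03:2112::5"
    print(evaluate(ACL_120, "tcp", "2001:db8:85a3::1", dst))   # permit
    print(evaluate(ACL_120, "icmp", "2001:db8:85a3::1", dst))  # deny: no icmp rule
    print(evaluate(SINGLE_SOURCE, "tcp", "192.168.7.200", "10.0.0.1"))  # permit
    print(evaluate(SINGLE_SOURCE, "udp", "192.168.7.200", "10.0.0.1"))  # deny
```

The model makes the consequences of the examples visible before the ACL is applied: ICMP toward 2001:0db8:be03:2112::/64 is dropped by acl-120 because no rule covers it, and a VTY session from outside 192.168.7.0/24 never reaches the line because the single permit does not match and the implicit deny does.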
The following example shows how to configure IPv4 ACL logging:
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ip access-list logging-test
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x