Configuration And Show Command Examples For The System Acls - Cisco Nexus 9000 Series Configuration Manual

NX-OS Security Configuration Guide, Release 9.x

Step 3
Command or Action: ip port access-group <pacl name> in
Purpose: Applies a Layer 2 PACL to the interface. Only inbound filtering is supported with port ACLs. You can apply one port ACL to an interface.

Configuration and Show Command Examples for the System ACLs
See the following configuration examples for the system ACL show commands.

Configuring system PACL with 1K scale [using default TCAM]
See the following example for configuring system PACL with 1K scale [using default TCAM].

Step 1: Create PACL.
config t
ip access-list PACL-DNA
  10 permit ip 1.1.1.1/32 any
  20 permit tcp 3.0.0.0/8 255.0.0.0 eq 1500
  25 deny udp any any eq 500
  26 deny tcp any eq 490 any
  ..... ....
  1000 deny any any

Step 2: Apply PACL into system level.
configure terminal
system acl
  ip port access-group PACL-DNA in

To validate the system ACLs that are configured on the switch, use the sh run aclmgr | sec system command:
switch# sh run aclmgr | sec system
system acl
  ip port access-group test in
switch#

To validate the PACLs that are configured on the switch, use the sh ip access-lists <name> [summary] command:
switch# sh ip access-lists test
IP access list test
  10 deny udp any any eq 27
  20 permit ip 1.1.1.1/32 100.100.100.100/32
  30 permit ip 1.2.1.1/32 100.100.100.100/32
  40 permit ip 1.3.1.1/32 100.100.100.100/32
  50 permit ip 1.4.1.1/32 100.100.100.100/32
  60 permit ip 1.5.1.1/32 100.100.100.100/32
  70 permit ip 1.6.1.1/32 100.100.100.100/32
  80 permit ip 1.7.1.1/32 100.100.100.100/32
  90 permit ip 1.8.1.1/32 100.100.100.100/32
switch# sh ip access-lists test summary
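The two validation commands above (sh run aclmgr | sec system and sh ip access-lists <name>) can be cross-checked by script. The following Python is an added example, not part of the Cisco guide: it parses captured output of both commands, constructed here from the page's sample, and reports when the PACL applied under system acl does not correspond to a populated ACL. The function names and the max_entries threshold are assumptions.

```python
import re

# Constructed sample input: captured show output, modelled on this page's examples.
RUN_ACLMGR = """system acl
  ip port access-group test in
"""
SHOW_ACL = """IP access list test
        10 deny udp any any eq 27
        20 permit ip 1.1.1.1/32 100.100.100.100/32
"""

def system_pacls(run_section):
    """PACL names applied inbound under 'system acl' (input: '| sec system' output)."""
    lines = [l.strip() for l in run_section.splitlines()]
    if "system acl" not in lines:
        return []
    body = lines[lines.index("system acl") + 1:]
    return [m.group(1) for l in body
            if (m := re.fullmatch(r"ip port access-group (\S+) in", l))]

def parse_acl(show_output):
    """Parse 'sh ip access-lists <name>' output into (name, [(seq, action, match)])."""
    name, entries = None, []
    for line in show_output.splitlines():
        text = line.strip()
        header = re.fullmatch(r"IP access list (\S+)", text)
        entry = re.match(r"(\d+) (permit|deny) (.+)", text)
        if header:
            name = header.group(1)
        elif entry:
            entries.append((int(entry.group(1)), entry.group(2), entry.group(3)))
    return name, entries

def check_system_pacl(run_section, show_output, max_entries=1000):
    """Return findings; an empty list means every check passed.
    max_entries is an assumed threshold based on the page's 1K-scale example."""
    findings = []
    applied = system_pacls(run_section)
    name, entries = parse_acl(show_output)
    if not applied:
        findings.append("no PACL applied under 'system acl'")
    for pacl in applied:
        if pacl != name:
            findings.append(f"system acl references {pacl}, show output is for {name}")
    if not entries:
        findings.append(f"ACL {name} has no entries")
    if len(entries) > max_entries:
        findings.append(f"ACL {name} has {len(entries)} entries, above {max_entries}")
    return findings
```

An empty list from check_system_pacl(RUN_ACLMGR, SHOW_ACL) means the name under system acl matches the ACL shown and that ACL has entries.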
Configuring IP ACLs
