Configuring VACLs; Creating a VACL or Adding a VACL Entry - Cisco Nexus 9000 Series Configuration Manual

NX-OS Security Configuration Guide, Release 9.x

Configuring VACLs

Creating a VACL or Adding a VACL Entry

You can create a VACL or add entries to an existing VACL. In both cases, you create a VACL entry, which
is a VLAN access-map entry that associates one or more ACLs with an action to be applied to the matching
traffic.
Before you begin
Ensure that the ACLs that you want to use in the VACL exist and are configured to filter traffic in the manner
that you need for this application.
SUMMARY STEPS
1. configure terminal
2. vlan access-map map-name [sequence-number]
3. Enter one of the following commands:
   • match {ip | ipv6} address ip-access-list
   • match mac address mac-access-list
4. action {drop | forward | redirect}
5. (Optional) [no] statistics per-entry
6. (Optional) show running-config aclmgr
7. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
switch# configure terminal
switch(config)#
Purpose: Enters global configuration mode.

Step 2
Command or Action: vlan access-map map-name [sequence-number]
Example:
switch(config)# vlan access-map acl-mac-map
switch(config-access-map)#
Purpose: Enters VLAN access-map configuration mode for the VLAN access map specified. If the VLAN access map does not exist, the device creates it.
If you do not specify a sequence number, the device creates a new entry whose sequence number is 10 greater than the last sequence number in the access map.

Step 3
Command or Action: Enter one of the following commands:
• match {ip | ipv6} address ip-access-list
• match mac address mac-access-list
Example:
Purpose: Specifies an ACL for the access-map entry.
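
One way to check the "Before you begin" requirement and the match/action steps after the fact, as an added example that is not part of the Cisco guide: the Python below audits saved configuration text for VLAN access-map entries that reference an ACL that is not defined, or that lack a match or action line. The sample configuration, the ACL and map names other than acl-mac-map, and the function name audit_vacls are constructed for illustration.

```python
import re

# Constructed sample in the style of `show running-config aclmgr` output.
SAMPLE_CONFIG = """\
mac access-list acl-mac-01
  10 permit any any
ip access-list acl-ip-01
  10 permit ip 10.0.0.0/8 any
vlan access-map acl-mac-map 10
  match mac address acl-mac-01
  action forward
  statistics per-entry
vlan access-map acl-ip-map 20
  match ip address acl-ip-missing
vlan access-map acl-v6-map 10
  match ipv6 address acl-ip-01
  action forward
"""

ACL_DEF = re.compile(r"^(ip|ipv6|mac) access-list (\S+)")
MAP_HDR = re.compile(r"^vlan access-map (\S+)(?: (\d+))?\s*$")
MATCH = re.compile(r"^\s+match (ip|ipv6|mac) address (\S+)")
ACTION = re.compile(r"^\s+action (drop|forward|redirect)\b")

def audit_vacls(config):
    """Return sorted (map, sequence, problem) findings for access-map entries."""
    defined = {m.groups() for m in map(ACL_DEF.match, config.splitlines()) if m}
    entries, current = [], None
    for line in config.splitlines():
        if (m := MAP_HDR.match(line)):
            # Sequence 0 means the header carried no sequence number.
            current = {"map": m[1], "seq": int(m[2] or 0), "acls": [], "action": None}
            entries.append(current)
        elif not line.startswith(" "):
            current = None  # an unindented line ends the access-map entry
        elif current and (m := MATCH.match(line)):
            current["acls"].append((m[1], m[2]))
        elif current and (m := ACTION.match(line)):
            current["action"] = m[1]
    findings = []
    for e in entries:
        where = (e["map"], e["seq"])
        for kind, name in e["acls"]:
            if (kind, name) not in defined:  # the ACL type must match as well
                findings.append(where + (f"undefined {kind} ACL {name}",))
        if not e["acls"]:
            findings.append(where + ("no match clause",))
        if e["action"] is None:
            findings.append(where + ("no action",))
    return sorted(findings)
```

Calling audit_vacls(SAMPLE_CONFIG) reports entry 20 of acl-ip-map twice (undefined ACL, no action) and flags acl-v6-map because acl-ip-01 exists only as an IPv4 ACL.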