Configuring A Port Acl - Cisco Nexus 7000 Series Configuration Manual

Configuring an IP ACL
Step 4 Configure the device group probe:
switch(config-device-group)# probe probe-id [control status] [host host-name] [frequency frequency-number
| timeout timeout | retry-down-count down-count | retry-up-count up-count | ip ipv4-address]
You can specify Internet Control Message Protocol (ICMP), TCP, UDP, or Domain Name System (DNS)
protocol as the probe for the Catena instance.
Descriptions for some of the keyword-argument pairs are provided below:
• control status—Specifies the control protocol status.
• frequency frequency-number—Specifies the time interval, in seconds, between successive probes sent
• timeout timeout—Specifies the number of seconds to wait for the probe's response.
• retry-down-count down-count—Specifies the consecutive number of times the probe must have failed
• retry-up-count up-count—Specifies the consecutive number of times the probe must have succeeded
Note
Configuring an IP ACL
Procedure
Step 1
Enter global configuration mode:
switch# configure terminal
Step 2 Create the IP ACL and enter IP ACL configuration mode:
switch(config)# ip access-list acl-name
The acl-name argument can be up to 64 characters in length.
Step 3 Create a rule in the IP ACL:
switch(config-acl)# [sequence-number] {permit | deny} protocol source destination
You can create many rules. The sequence-number range is from 1 and 4294967295. The permit and deny
keywords support different ways of identifying traffic.

Configuring a Port ACL

Port ACLs (PACLs) are used as filters in transparent mode. They are used to seggregate IP traffic for transparent
mode PACL. The traffic is redirected to a particular egress interface based on the access control entries (ACE).
Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution
10
to the node.
prior to the node being marked as DOWN.
prior to the node being marked as UP.
IPv6, TCP, UDP, and HTTP probes are not supported.
Configuring the Catena Solution