Table of Contents
Advertisement
Chapter 20
Configuring ACLs
S e n d f e e d b a c k t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
Statistics
The switch can maintain global statistics for each rule in a VACL. If a VACL is applied to multiple
VLANs, the maintained rule statistics are the sum of packet matches (hits) on all the interfaces on which
that VACL is applied.
Note
The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics.
For each VLAN access map that you configure, you can specify whether the switch maintains statistics
for that VACL. This allows you to turn VACL statistics on or off as needed to monitor traffic filtered by
a VACL or to help troubleshoot VLAN access-map configuration.
For information about displaying VACL statistics, see the
section on page
Configuring VACLs
This section includes the following topics:
•
•
•
•
•
Creating or Changing a VACL
You can create or change a VACL. Creating a VACL includes creating an access map that associates an
IP ACL or MAC ACL with an action to be applied to the matching traffic.
To create or change a VACL, perform this task:
Command
Step 1
switch# configure terminal
Step 2
switch(config)# vlan access-map map-name
Step 3
switch(config-access-map)# match ip
address ip-access-list
switch(config-access-map)# match mac
address mac-access-list
OL-16597-01
20-9.
Creating or Changing a VACL, page 20-15
Removing a VACL, page 20-16
Applying a VACL to a VLAN, page 20-16
Verifying VACL Configuration, page 20-17
Displaying and Clearing VACL Statistics, page 20-17
"Displaying and Clearing IP ACL Statistics"
Purpose
Enters configuration mode.
Enters access map configuration mode for the
access map specified.
Specifies an IPv4 and IPV6 ACL for the map.
Specifies a MAC ACL for the map.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring VACLs
20-15
Advertisement
Chapters
Table of Contents
Troubleshooting
