Ip Access-List - Cisco AP775A - Nexus Converged Network Switch 5010 Command Reference Manual

ip access-list

S e n d c o m m e n t s t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m
ip access-list
To create an IPv4 access control list (ACL) or to enter IP access list configuration mode for a specific
ACL, use the ip access-list command. To remove an IPv4 ACL, use the no form of this command.
Syntax Description
access-list-name
Command Default
No IPv4 ACLs are defined by default.
Command Modes Configuration mode
Command History Release
4.0(0)N1(1a)
Usage Guidelines Use IPv4 ACLs to filter IPv4 traffic.
When you use the ip access-list command, the switch enters IP access list configuration mode, where
you can use the IPv4 deny and permit commands to configure rules for the ACL. If the specified ACL
does not exist, the switch creates it when you enter this command.
Use the ip access-group command to apply the ACL to an interface.
Every IPv4 ACL has the following implicit rule as its last rule:
deny ip any any
This implicit rule ensures that the switch denies unmatched IP traffic.
IPv4 ACLs do not include additional implicit rules to enable the neighbor discovery process. The
Address Resolution Protocol (ARP), which is the IPv4 equivalent of the IPv6 neighbor discovery
process, uses a separate data link layer protocol. By default, IPv4 ACLs implicitly allow ARP packets
to be sent and received on an interface.
Examples
This example shows how to enter IP access list configuration mode for an IPv4 ACL named ip-acl-01:
switch(config)# ip access-list ip-acl-01
switch(config-acl)#
Cisco Nexus 5000 Series Command Reference
6-40
ip access-list access-list-name
no ip access-list access-list-name
Name of the IPv4 ACL. Can be up to 64 characters long. Names cannot
contain a space or quotation mark.
Modification
This command was introduced.
Chapter 6 Security Commands
OL-16599-01