Applying an IP-ACL to an Interface - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Fabric manager configuration guide, release 4.x

Applying an IP-ACL to an Interface

You can define IP-ACLs without applying them. However, the IP-ACLs will have no effect until they are
applied to an interface on the switch. You can apply IP-ACLs to VSAN interfaces, the management
interface, Gigabit Ethernet interfaces on IPS modules and MPS-14/2 modules, and Ethernet PortChannel
interfaces.
Tip: Apply the IP-ACL on the interface closest to the source of the traffic.
When you are trying to block traffic from source to destination, you can apply an inbound IPv4-ACL to
M0 on Switch 1 instead of an outbound filter to M1 on Switch 3 (see Figure 42-6).
The access-group option controls access to an interface. Each interface can only be associated with one
IP-ACL per direction. The ingress direction can have a different IP-ACL than the egress direction. The
IP-ACL becomes active when applied to the interface.
Tip: Create all conditions in an IP-ACL before applying it to the interface.
Caution: If you apply an IP-ACL to an interface before creating it, all packets in that interface are
dropped because the IP-ACL is empty.
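The two rules above (one IP-ACL per interface per direction, and an applied IP-ACL with no conditions drops every packet) can be checked over a planned configuration before it is applied. This is an added example, not code from the Cisco guide; the CLI-style syntax, the ACL and interface names, and the sample text are constructed assumptions, since this page covers Fabric Manager only.

```python
import re
from collections import defaultdict

# Constructed sample in CLI style (assumed syntax; not taken from this page).
SAMPLE_CONFIG = """\
ip access-list MGMT_IN permit ip 10.1.1.0 0.0.0.255 any
ip access-list MGMT_IN deny ip any any
interface mgmt0
  ip access-group MGMT_IN in
interface gigabitethernet 2/1
  ip access-group ISCSI_IN in
  ip access-group MGMT_IN in
interface vsan 10
  ip access-group VSAN_FILTER
"""

ACL_RE = re.compile(r"^ip access-list (\S+) (permit|deny)\b")
IFACE_RE = re.compile(r"^interface (.+)$")
GROUP_RE = re.compile(r"^\s+ip access-group (\S+)(?: (in|out))?\s*$")

def audit_acl_bindings(config):
    """Return sorted (interface, direction, kind, detail) findings."""
    acl_entries = defaultdict(int)  # ACL name -> count of permit/deny conditions
    bindings = defaultdict(list)    # (interface, direction) -> ACL names applied
    iface = None
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acl_entries[m.group(1)] += 1
            iface = None
        elif m := IFACE_RE.match(line):
            iface = m.group(1).strip()
        elif (m := GROUP_RE.match(line)) and iface:
            # Assumption: no direction keyword means the ACL applies both ways.
            for direction in ([m.group(2)] if m.group(2) else ["in", "out"]):
                bindings[(iface, direction)].append(m.group(1))
    findings = []
    for (iface, direction), names in bindings.items():
        unique = sorted(set(names))
        if len(unique) > 1:   # more than one IP-ACL on the same direction
            findings.append((iface, direction, "multiple-acls", ",".join(unique)))
        for name in unique:   # applied but never defined: empty ACL drops all packets
            if acl_entries.get(name, 0) == 0:
                findings.append((iface, direction, "empty-acl", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_acl_bindings(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```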
The terms in, out, source, and destination are used as referenced by the switch:
In—Traffic that arrives at the interface and goes through the switch; the source is where it is
transmitted from and the destination is where it is transmitted to (on the other side of the router).
The IP-ACL applied to the interface for the ingress traffic affects both local and remote traffic.
Out—Traffic that has already been through the switch and is leaving the interface; the source is
where it is transmitted from and the destination is where it is transmitted to.
The IP-ACL applied to the interface for the egress traffic only affects local traffic.

Figure 42-6: Denying Traffic on the Inbound Interface (diagram labels: traffic source, M0, Switch 1, Switch 2, Switch 3, M1, traffic destination)

Cisco MDS 9000 Family Fabric Manager Configuration Guide, Chapter 42: Configuring IPv4 and IPv6 Access Control Lists
OL-17256-03, Cisco MDS NX-OS Release 4.x
