HP Cisco MDS 9020 - Fabric Switch Configuration Manual page 808

Cisco MDS 9000 Family CLI Configuration Guide, Release 3.x (OL-16184-01, April 2008)

Chapter 33: Configuring IPv4 and IPv6 Access Control Lists
OL-16184-01, Cisco MDS SAN-OS Release 3.x

Applying an IP-ACL to an Interface

The access-group option controls access to an interface. Each interface can only be associated with one IP-ACL per direction. The ingress direction can have a different IP-ACL than the egress direction. The IP-ACL becomes active when applied to the interface.

Tip: Create all conditions in an IP-ACL before applying it to the interface.

Caution: If you apply an IP-ACL to an interface before creating it, all packets in that interface are dropped because the IP-ACL is empty.

The terms in, out, source, and destination are used as referenced by the switch:

- In—Traffic that arrives at the interface and goes through the switch; the source is where it is transmitted from and the destination is where it is transmitted to (on the other side of the router).
  Tip: The IP-ACL applied to the interface for the ingress traffic affects both local and remote traffic.
- Out—Traffic that has already been through the switch and is leaving the interface; the source is where it is transmitted from and the destination is where it is transmitted to.
  Tip: The IP-ACL applied to the interface for the egress traffic only affects local traffic.

Figure 33-1: Denying Traffic on the Inbound Interface (diagram not reproduced; labels: traffic source, Switch 1, Switch 2, Switch 3, M0, M1, traffic destination)

To apply an IPv4-ACL to an interface, follow these steps:

| Step | Command | Purpose |
|------|---------|---------|
| Step 1 | switch# config t | Enters configuration mode. |
| Step 2 | switch(config)# interface mgmt0 (prompt changes to switch(config-if)#) | Configures a management interface (mgmt0). |
| Step 3 | switch(config-if)# ip access-group restrict_mgmt | Applies an IPv4-ACL called restrict_mgmt for both the ingress and egress traffic (default). |
|        | switch(config-if)# no ip access-group NotRequired | Removes the IPv4-ACL called NotRequired. |
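The Caution and the one-IP-ACL-per-direction rule above can be checked against a saved configuration before a change is applied. The following Python audit is an added example, not part of the Cisco guide: it reports access-group references to IP-ACLs that have no entries and interfaces with more than one IP-ACL in a direction. The one-line `ip access-list NAME permit|deny ...` entry form, the optional `in`/`out` keyword, the second interface name and the sample configuration are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample configuration text (not taken from a real switch).
SAMPLE_CONFIG = """\
ip access-list restrict_mgmt permit ip 10.1.1.0 0.0.0.255 any
ip access-list restrict_mgmt deny ip any any
interface mgmt0
  ip access-group restrict_mgmt
interface gigabitethernet2/1
  ip access-group storage_in in
  ip access-group legacy_in in
  ip access-group restrict_mgmt out
"""

# Assumed line formats: one ACL entry per line, optional in/out on access-group.
ACL_ENTRY = re.compile(r"^ip access-list (\S+) (permit|deny)\b")
INTERFACE = re.compile(r"^interface (.+?)\s*$")
ACCESS_GROUP = re.compile(r"^\s+ip access-group (\S+)(?: (in|out))?\s*$")


def audit(config_text):
    """Return (empty_acl_findings, direction_conflicts) for a config dump."""
    defined = set()                                   # ACL names with >= 1 entry
    applied = defaultdict(lambda: defaultdict(list))  # iface -> direction -> [acl]
    iface = None
    for line in config_text.splitlines():
        if m := ACL_ENTRY.match(line):
            defined.add(m.group(1))
        elif m := INTERFACE.match(line):
            iface = m.group(1)
        elif iface and (m := ACCESS_GROUP.match(line)):
            # No direction keyword means both ingress and egress (the default).
            for direction in ([m.group(2)] if m.group(2) else ["in", "out"]):
                applied[iface][direction].append(m.group(1))
    empty, conflicts = [], []
    for iface, dirs in applied.items():
        for direction, acls in dirs.items():
            # An applied ACL with no entries drops every packet in that direction.
            empty += [(iface, direction, a) for a in acls if a not in defined]
            if len(acls) > 1:  # only one IP-ACL is allowed per direction
                conflicts.append((iface, direction, acls))
    return empty, conflicts


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An empty first list means every applied IP-ACL has at least one condition; any entry in it names an interface and direction that would drop all traffic once the access-group takes effect.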
