Information About ACLs
Table 20-1  Security ACL Applications

Application: Port ACL
Supported Interfaces: An ACL is considered a port ACL when you apply it to one of the following:
  • Ethernet interface
  • Ethernet port-channel interface
  When a port ACL is applied to a trunk port, the ACL filters traffic on all VLANs on the trunk port.
Types of ACLs Supported: IPv4 ACLs, IPv6 ACLs, MAC ACLs

Application: VLAN ACL (VACL)
Supported Interfaces: An ACL is a VACL when you use an access map to associate the ACL with an action, and then apply the map to a VLAN.
Types of ACLs Supported: IPv4 ACLs, IPv6 ACLs, MAC ACLs
Application Order
When the switch processes a packet, it determines the forwarding path of the packet. The path determines which ACLs the switch applies to the traffic. The switch applies the port ACLs first.
Rules
You can create rules in access-list configuration mode by using the permit or deny command. The
switch allows traffic that matches the criteria in a permit rule and blocks traffic that matches the criteria
in a deny rule. You have many options for configuring the criteria that traffic must meet in order to match
the rule.
This section includes the following topics:
• Source and Destination, page 20-2
• Protocols, page 20-2
• Implicit Rules, page 20-3
• Additional Filtering Options, page 20-3
• Sequence Numbers, page 20-3
• Logical Operators and Logical Operation Units, page 20-4
Source and Destination
In each rule, you specify the source and the destination of the traffic that matches the rule. You can
specify both the source and destination as a specific host, a network or group of hosts, or any host.
Protocols
ACLs allow you to identify traffic by protocol. For your convenience, you can specify some protocols
by name. For example, in an IPv4 ACL, you can specify ICMP by name.
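The following constructed NX-OS configuration is added here as an illustration and is not taken from the guide; the ACL, interface, access-map and VLAN names and the RFC 5737 addresses are placeholders. It ties the permit/deny rule syntax to the two applications in Table 20-1 by applying one ACL first as a port ACL on a trunk interface and then as a VACL through an access map.

```text
! Constructed example (not from the guide). Addresses are RFC 5737
! documentation ranges; all names are placeholders.
!
! 1. Rules: an IPv4 ACL whose rules name the source as a network, the
!    destination as a single host or any host, and the protocol by name.
ip access-list MGMT-IN
  10 permit tcp 192.0.2.0/24 host 198.51.100.10 eq 22
  20 permit icmp any any
  30 deny ip any any
!
! 2. Port ACL: applied to an Ethernet interface. Because this port is a
!    trunk, the ACL filters traffic on every VLAN carried by the trunk.
interface ethernet 1/1
  switchport mode trunk
  ip port access-group MGMT-IN in
!
! 3. VACL: the same ACL is associated with an action through an access
!    map, and the map is then applied to a VLAN.
vlan access-map MGMT-VACL 10
  match ip address MGMT-IN
  action forward
vlan filter MGMT-VACL vlan-list 100
```

Verify the result with show ip access-lists MGMT-IN and show vlan access-map before relying on it in production.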
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Chapter 20  Configuring ACLs (OL-16597-01)