Chapter 20
Configuring ACLs
Creating an IP ACL
You can create an IPv4 ACL on the switch and add rules to it. To create an IP ACL, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: switch(config)# ip access-list name
Purpose: Creates the IP ACL and enters IP ACL configuration mode. The name argument can be up to 64 characters.

Step 3
Command: switch(config-acl)# [sequence-number] {permit|deny} protocol source destination
Purpose: Creates a rule in the IP ACL. You can create many rules. The sequence-number argument can be a whole number between 1 and 4294967295. The permit and deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference.

Step 4
Command: switch(config-acl)# statistics
Purpose: (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL.

Step 5
Command: switch(config-acl)# show ip access-lists name
Purpose: (Optional) Displays the IP ACL configuration.

Step 6
Command: switch(config-acl)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.

The following example shows how to create an IPv4 ACL:
switch# configure terminal
switch(config)# ip access-list acl-01
switch(config-acl)# permit ip 192.168.2.0/24 any
switch(config-acl)# statistics
switch(config-acl)# show ip access-lists acl-01
switch(config-acl)# copy running-config startup-config

Changing an IP ACL
You can add and remove rules in an existing IPv4 ACL. You cannot change existing rules. Instead, to change a rule, you can remove it and recreate it with the desired changes.
If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For more information, see the "Changing Sequence Numbers in an IP ACL" section on page 20-7.
OL-16597-01
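The following Python sketch is an added example, not part of the Cisco guide. It checks an ACL listing against the limits given above (64-character name, sequence numbers from 1 to 4294967295) and works out whether new rules fit between existing ones or the ACL must be renumbered first. The function names are hypothetical, and two behaviours are assumptions: an unnumbered rule is given the highest existing number plus 10, and renumbering is modelled as a starting number plus a fixed increment.

```python
import re

MAX_NAME = 64          # ACL name limit stated in the guide
MAX_SEQ = 4294967295   # highest sequence number stated in the guide
AUTO_STEP = 10         # assumption: an unnumbered rule gets highest + 10
RULE = re.compile(r"^(?:(\d+)\s+)?((?:permit|deny)\s+\S.*)$")

# Constructed sample, not taken from a real switch.
SAMPLE = """\
ip access-list acl-01
  10 permit ip 192.168.2.0/24 any
  11 permit tcp 192.168.3.0/24 any
  12 deny ip any any
  statistics
"""

def parse_acl(text):
    """Return (name, {sequence: rule}) for one 'ip access-list' block."""
    name, rules = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("ip access-list "):
            name = line.split(None, 2)[2]
            if len(name) > MAX_NAME:
                raise ValueError("ACL name exceeds 64 characters")
            continue
        m = RULE.match(line)
        if not m:
            continue  # statistics and other non-rule lines
        seq = int(m.group(1)) if m.group(1) else max(rules, default=0) + AUTO_STEP
        if not 1 <= seq <= MAX_SEQ:
            raise ValueError(f"sequence number {seq} out of range")
        if seq in rules:
            raise ValueError(f"rule {seq} exists; remove it before recreating")
        rules[seq] = m.group(2)
    return name, rules

def free_slots(rules, after_seq):
    """Unused sequence numbers between after_seq and the next rule."""
    nxt = min((s for s in rules if s > after_seq), default=MAX_SEQ + 1)
    return nxt - after_seq - 1

def plan_insert(rules, after_seq, count, start=10, step=10):
    """Return (rules, new_numbers); renumber only when the gap is too small."""
    if free_slots(rules, after_seq) < count:
        order = sorted(rules)
        # Assumption: renumbering assigns start, start + step, ... in rule order.
        rules = {start + i * step: rules[s] for i, s in enumerate(order)}
        after_seq = start + order.index(after_seq) * step
        if max(rules) > MAX_SEQ or free_slots(rules, after_seq) < count:
            raise ValueError("start/step leave no room for the new rules")
    return rules, [after_seq + i for i in range(1, count + 1)]
```

With the constructed sample, two rules cannot be placed after rule 10 until the ACL is renumbered to 10, 20, 30; the final deny keeps its position at the end, so the new permits still take effect before it.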
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring IP ACLs