Chapter 20
Configuring ACLs
OL-16597-01

To apply a VACL to a VLAN, perform this task:

Step 1
  Command: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command: switch(config)# [no] vlan filter map-name vlan-list list
  Purpose: Applies the VACL to the VLANs by the list that you specified. The no option unapplies the VACL. The vlan-list command can specify a list of up to 32 VLANs, but multiple vlan-list commands can be configured to cover more than 32 VLANs.

Step 3
  Command: switch(config)# show running-config
  Purpose: (Optional) Displays ACL configuration.

Step 4
  Command: switch(config)# copy running-config startup-config
  Purpose: (Optional) Copies the running configuration to the startup configuration.

Verifying VACL Configuration

To display VACL configuration information, perform one of the following tasks:

  Command: show running-config aclmgr
  Purpose: Displays ACL configuration, including VACL-related configuration.

  Command: show vlan filter
  Purpose: Displays information about VACLs that are applied to a VLAN.

  Command: show vlan access-map
  Purpose: Displays information about VLAN access maps.

Displaying and Clearing VACL Statistics

To display or clear VACL statistics, perform one of the following tasks:

  Command: show vlan access-list
  Purpose: Displays VACL configuration. If the VLAN access-map includes the statistics command, then the show vlan access-list command output includes the number of packets that have matched each rule.

  Command: clear vlan access-list counters
  Purpose: Clears statistics for all VACLs or for a specific VACL.

This example shows how to configure a VACL to forward traffic permitted by an IP ACL named acl-ip-01 and how to apply the VACL to VLANs 50 through 82:

  configure terminal
  vlan access-map acl-ip-map
    match ip address acl-ip-01
    action forward
  vlan filter acl-ip-map vlan-list 50-82
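
The verification steps on this page can be run offline against saved configuration text. The following is an added example, not code from the Cisco guide: it reports VLANs left without a VACL, vlan filter lines that name an access map that is not defined, and applied access maps that lack the statistics command. The function names, the sample configuration (including acl-ip-map2, acl-ip-02 and missing-map) and the assumption that the saved text mirrors the commands as entered are all assumptions.

```python
# Added example (not Cisco code). SAMPLE_CONFIG is constructed from the
# commands on this page; real running-config layout may differ.
SAMPLE_CONFIG = """\
vlan access-map acl-ip-map
  match ip address acl-ip-01
  action forward
  statistics
vlan access-map acl-ip-map2
  match ip address acl-ip-02
  action forward
vlan filter acl-ip-map vlan-list 50-82
vlan filter acl-ip-map2 vlan-list 90,100-101
vlan filter missing-map vlan-list 200
"""

def expand_vlan_list(text):
    """Expand a vlan-list such as '50-82,90' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit_vacls(config, required_vlans):
    """Report VLANs without a VACL, filters naming undefined maps, and
    applied maps whose match counters will not be collected."""
    maps, filters, current = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["vlan", "access-map"] and len(words) >= 3:
            current = maps.setdefault(words[2], {"statistics": False})
        elif words[:2] == ["vlan", "filter"] and len(words) >= 5 and words[3] == "vlan-list":
            current = None
            vlans = expand_vlan_list("".join(words[4:]))
            filters.setdefault(words[2], set()).update(vlans)
        elif current is not None and line[:1].isspace():
            if words == ["statistics"]:
                current["statistics"] = True
        else:
            current = None  # any other top-level line ends the access-map block
    # Assumption of this audit: a filter naming an undefined map covers nothing.
    covered = set().union(*(v for n, v in filters.items() if n in maps))
    return {
        "unprotected": sorted(set(required_vlans) - covered),
        "undefined_maps": sorted(n for n in filters if n not in maps),
        "no_statistics": sorted(n for n in filters
                                if n in maps and not maps[n]["statistics"]),
    }
```

Pass the set of VLANs that policy requires to be filtered as required_vlans; an empty result in all three lists means every required VLAN has a defined, counted VACL applied.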
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
Configuring VACLs
20-17