For more information, see the Cisco Nexus 5000 Series Command Reference.

Each rule specifies a set of conditions that a packet must satisfy to match the rule. When the switch determines that an ACL applies to a packet, it tests the packet against the conditions of all rules. If there is no match, the switch applies the applicable default rule. The switch continues processing packets that are permitted and drops packets that are denied.

The switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in Table 1-1. The path determines which ACLs the switch applies to the traffic.

You have many options for configuring the criteria that traffic must meet in order to match the rule. You can specify both the source and destination as a specific host, a network or group of hosts, or any host. For your convenience, you can specify some protocols by name. In IPv4 ACLs, you can specify protocols by the integer that represents the Internet protocol number. For example, you can use 115 to specify Layer 2 Tunneling Protocol (L2TP) traffic. IPv4 ACLs support the following additional filtering options.

Every rule that you enter receives a sequence number, either assigned by you or assigned automatically by the switch. For example, if you need to insert a rule between rules numbered 100 and 110, you could assign a sequence number of 105 to the new rule. This action allows you to move the rule without disrupting traffic. For example, if the last rule in an ACL has a sequence number of 225 and you add a rule without a sequence number, the switch assigns the sequence number 235 to the new rule. Resequencing is useful when an ACL has rules numbered contiguously, such as 100 and 101, and you need to insert one or more rules between those rules.

The couples gt 10 and lt 10 would also be stored separately. Identical couples are stored separately when one of the identical couples is applied to a source port and the other couple is applied to a destination port. Any additional rules using a gt 10 couple would not result in further LOU usage.

The sequence-number argument can be a whole number between 1 and 4294967295. The permit and deny commands support many ways of identifying traffic.