HP AP775A Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2(1) (OL-1 - Page 392
Source and Destination, object-group ip address
UPC - 884962062708
View all HP AP775A manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 392 highlights
permit (IPv4) Chapter 6 Security Commands Send comments to [email protected] If you do not specify a sequence number, the device assigns to the rule a sequence number that is 10 greater than the last rule in the ACL. Command Modes IPv4 ACL configuration Command History Release 4.0(0)N1(1a) Modification This command was introduced. Usage Guidelines When the switch applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL. The switch enforces the first rule whose conditions are satisfied by the packet. When the conditions of more than one rule are satisfied, the switch enforces the rule with the lowest sequence number. Source and Destination You can specify the source and destination arguments in one of several ways. In each rule, the method that you use to specify one of these arguments does not affect how you specify the other argument. When you configure a rule, use the following methods to specify the source and destination arguments: • IP address group object-You can use an IPv4 address group object to specify a source or destination argument. Use the object-group ip address command to create and change IPv4 address group objects. The syntax is as follows: addrgroup address-group-name The following example shows how to use an IPv4 address object group named lab-gateway-svrs to specify the destination argument: switch(config-acl)# permit ip any addrgroup lab-gateway-svrs • Address and network wildcard-You can use an IPv4 address followed by a network wildcard to specify a host or a network as a source or destination. The syntax is as follows: IPv4-address network-wildcard The following example shows how to specify the source argument with the IPv4 address and network wildcard for the 192.168.67.0 subnet: switch(config-acl)# permit tcp 192.168.67.0 0.0.0.255 any • Address and variable-length subnet mask-You can use an IPv4 address followed by a variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The syntax is as follows: IPv4-address/prefix-len The following example shows how to specify the source argument with the IPv4 address and VLSM for the 192.168.67.0 subnet: switch(config-acl)# permit udp 192.168.67.0/24 any • Host address-You can use the host keyword and an IPv4 address to specify a host as a source or destination. The syntax is as follows: host IPv4-address This syntax is equivalent to IPv4-address/32 and IPv4-address 0.0.0.0. 6-58 Cisco Nexus 5000 Series Command Reference OL-16599-01