HP Cisco MDS 9020 Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2( - Page 374
ip access-list
Chapter 6 Security Commands

To create an IPv4 access control list (ACL) or to enter IP access list configuration mode for a specific ACL, use the ip access-list command. To remove an IPv4 ACL, use the no form of this command.

    ip access-list access-list-name
    no ip access-list access-list-name

Syntax Description

    access-list-name    Name of the IPv4 ACL. Can be up to 64 characters long. Names cannot contain a space or quotation mark.

Command Default

No IPv4 ACLs are defined by default.

Command Modes

Configuration mode

Command History

    Release         Modification
    4.0(0)N1(1a)    This command was introduced.

Usage Guidelines

Use IPv4 ACLs to filter IPv4 traffic.

When you use the ip access-list command, the switch enters IP access list configuration mode, where you can use the IPv4 deny and permit commands to configure rules for the ACL. If the specified ACL does not exist, the switch creates it when you enter this command.

Use the ip access-group command to apply the ACL to an interface.

Every IPv4 ACL has the following implicit rule as its last rule:

    deny ip any any

This implicit rule ensures that the switch denies unmatched IP traffic.

IPv4 ACLs do not include additional implicit rules to enable the neighbor discovery process. The Address Resolution Protocol (ARP), which is the IPv4 equivalent of the IPv6 neighbor discovery process, uses a separate data link layer protocol. By default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface.

Examples

This example shows how to enter IP access list configuration mode for an IPv4 ACL named ip-acl-01:

    switch(config)# ip access-list ip-acl-01
    switch(config-acl)#

6-40 Cisco Nexus 5000 Series Command Reference OL-16599-01
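The implicit last rule and the ARP behavior described under Usage Guidelines, modeled as an added Python example (not Cisco code and not part of the manual). It assumes rules are checked in order with the first match deciding; the Rule and Packet types, the sample rules and the addresses are constructed for illustration.

```python
# Added illustration: a model of IPv4 ACL evaluation, not switch code.
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any IPv4 protocol
    src: str                     # CIDR; 0.0.0.0/0 stands for "any"
    dst: str
    dport: Optional[int] = None  # None means no port condition

class Packet(NamedTuple):
    ethertype: str               # "ipv4" or "arp"
    proto: str = ""
    src: str = ""
    dst: str = ""
    dport: Optional[int] = None

ANY = "0.0.0.0/0"
IMPLICIT_LAST_RULE = Rule("deny", "ip", ANY, ANY)  # deny ip any any

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("ip", pkt.proto):
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport

def evaluate(acl, pkt: Packet):
    """Return (action, reason) for one frame seen on the interface."""
    if pkt.ethertype == "arp":
        # ARP is a separate data link layer protocol, so IPv4 rules,
        # including the implicit deny, never match it.
        return "permit", "ARP allowed implicitly by default"
    for index, rule in enumerate(acl, start=1):
        if matches(rule, pkt):
            return rule.action, f"rule {index}"
    return IMPLICIT_LAST_RULE.action, "implicit deny ip any any"

# Constructed sample rules for an ACL named like the page's ip-acl-01.
IP_ACL_01 = [
    Rule("permit", "tcp", "192.0.2.0/24", ANY, 22),
    Rule("deny", "ip", "198.51.100.0/24", ANY),
    Rule("permit", "udp", ANY, "203.0.113.53/32", 53),
]
```

Running a list of expected flows through evaluate() before applying an ACL shows which ones fall through to the implicit rule and which are shadowed by an earlier deny.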