ACL Types and Applications - Cisco Nexus 9000 Series Configuration Manual

NX-OS Security Configuration Guide, Release 9.x

ACL Types and Applications

The device supports the following types of ACLs for security traffic filtering:
• IPv4 ACLs: The device applies IPv4 ACLs only to IPv4 traffic.
• IPv6 ACLs: The device applies IPv6 ACLs only to IPv6 traffic.
• MAC ACLs: The device applies MAC ACLs only to non-IP traffic.
IP and MAC ACLs have the following types of applications:
• Port ACL: Filters Layer 2 traffic
• Router ACL: Filters Layer 3 traffic
• VLAN ACL: Filters VLAN traffic
• VTY ACL: Filters virtual teletype (VTY) traffic
This table summarizes the applications for security ACLs.
Table 12: Security ACL Applications

Application: Port ACL
Supported Interfaces:
• Layer 2 interfaces
• Layer 2 Ethernet port-channel interfaces
When a port ACL is applied to a trunk port, the ACL filters traffic on all VLANs on the trunk port.
Types of ACLs Supported:
• IPv4 ACLs
• IPv4 ACLs with UDF-based match for Cisco Nexus 9200, 9300, and 9300-EX Series switches.
• IPv6 ACLs
• IPv6 ACLs with UDF-based match for Cisco Nexus 9300-EX Series switches.
• MAC ACLs

Application: Router ACL
Supported Interfaces:
• VLAN interfaces
• Physical Layer 3 interfaces
• Layer 3 Ethernet subinterfaces
• Layer 3 Ethernet port-channel interfaces
• Management interfaces
Note: You must enable VLAN interfaces globally before you can configure a VLAN interface.
Types of ACLs Supported:
• IPv4 ACLs
• IPv6 ACLs
Note: MAC ACLs are supported on Layer 3 interfaces only if you enable MAC packet classification.
Note: Egress router ACLs are not supported on subinterfaces and on Cisco Nexus 9300 Series switch uplink ports.
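
The restrictions noted in Table 12 can be checked against a candidate configuration before it is applied. The following Python check is an added example, not part of the Cisco guide: the sample configuration is constructed, the function names are hypothetical, and the NX-OS commands it looks for (feature interface-vlan, ip access-group, ipv6 traffic-filter, mac port access-group, mac packet-classify) do not appear on this page. It assumes every Ethernet interface states switchport or no switchport explicitly.

```python
import re

# Constructed candidate NX-OS configuration (sample input, not from the guide).
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport
  switchport mode trunk
  ip port access-group PACL-EDGE in
interface Ethernet1/2
  no switchport
  mac port access-group MACL-NONIP
interface Ethernet1/3.10
  ip access-group RACL-OUT out
interface Vlan100
  ip access-group RACL-SVI in
"""

EGRESS_RACL = re.compile(r"(ip access-group|ipv6 traffic-filter) \S+ out$")

def parse_interfaces(config):
    """Split a config into {interface name: [sub-commands]} plus global lines."""
    blocks, global_lines, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace() and current:
            blocks[current].append(line)      # indented: belongs to the interface
        elif line.startswith("interface "):
            current = line.split()[1]
            blocks[current] = []
        else:
            current = None                    # any other top-level line is global
            global_lines.append(line)
    return blocks, global_lines

def audit_acl_applications(config):
    """Return (interface, finding) pairs for the restrictions noted in Table 12."""
    blocks, global_lines = parse_interfaces(config)
    findings = []
    for name, cmds in blocks.items():
        is_svi, is_sub = name.lower().startswith("vlan"), "." in name
        layer3 = is_svi or is_sub or "no switchport" in cmds  # assumes explicit mode
        if is_svi and "feature interface-vlan" not in global_lines:
            findings.append((name, "VLAN interfaces not enabled globally"))
        if is_sub and any(EGRESS_RACL.match(c) for c in cmds):
            findings.append((name, "egress router ACL on a subinterface"))
        if layer3 and "mac packet-classify" not in cmds and any(
                c.startswith("mac port access-group") for c in cmds):
            findings.append((name, "MAC ACL on Layer 3 without MAC packet classification"))
    return findings
```

The check cannot tell whether a port is a Cisco Nexus 9300 Series uplink port, so that part of the egress router ACL restriction still needs to be verified against the hardware.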
Configuring IP ACLs
