Cisco Nexus 9000 Series Configuration Manual page 284

NX-OS Security Configuration Guide, Release 9.x

Configuring UDF-Based Port ACLs
Purpose (continued from the step before Step 3)
• offset—Specifies the number of bytes offset from the offset base. To match the first byte from the offset base (Layer 3/Layer 4 header), configure the offset as 0.
• length—Specifies the number of bytes from the offset. Only 1 or 2 bytes are supported. To match additional bytes, you must define multiple UDFs.
You can define multiple UDFs, but Cisco recommends defining only required UDFs.

Step 3
Command or Action:
hardware access-list tcam region ing-ifacl qualify {udf udf-name | v6udf v6udf-name}
Example:
switch(config)# hardware access-list tcam region ing-ifacl qualify udf pktoff10
Purpose:
Attaches the UDFs to the ing-ifacl TCAM region, which applies to IPv4 or IPv6 port ACLs.
The number of UDFs that can be attached to a TCAM region varies by platform. You can attach up to 2 UDFs for Cisco Nexus 9200 switches, up to 8 UDFs for Cisco Nexus 9300 switches, and up to 18 UDFs for IPv4 port ACLs or 7 UDFs for IPv6 port ACLs for Cisco Nexus 9300-EX switches.
Note: When the UDF qualifier is added, the TCAM region goes from single wide to double wide. Make sure enough free space is available; otherwise, this command will be rejected. If necessary, you can reduce the TCAM space from unused regions and then re-enter this command. For more information, see TCAM Region Sizes.
Note: The no form of this command detaches the UDFs from the TCAM region and returns the region to single wide.

Step 4
Command or Action:
Required: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose:
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Step 5
Command or Action:
Required: reload
Example:
switch(config)# reload
Purpose:
Reloads the device.
Note: Your UDF configuration is effective only after you enter copy running-config startup-config + reload.

Step 6
Command or Action:
ip access-list udf-acl
Example:
switch(config)# ip access-list udfacl
switch(config-acl)#
Purpose:
Creates an IPv4 access control list (ACL) and enters IP access list configuration mode.

Step 7
Command or Action:
Enter one of the following commands:
• permit udf udf-name value mask
Purpose:
Configures the ACL to match only on UDFs (example 1) or to match on UDFs along with the current access control entries (ACEs) for the outer packet fields (example 2). The
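
The offset, length and per-platform limits above, worked through in an added Python example that is not part of the Cisco guide: it splits a byte pattern into 1- or 2-byte UDFs, checks the count against the platform limit, and tests the resulting value/mask pairs on a constructed packet. The function names, the UDF names other than pktoff10, the reading of the mask as "set bits are compared", and applying the single 9200 and 9300 limits to both IPv4 and IPv6 are assumptions.

```python
# Added example (not from the Cisco guide): plan UDFs for a byte pattern.
# Limits are the ones stated on this page; where the page gives one number
# for a platform, it is assumed to apply to both address families.
UDF_LIMITS = {
    "9200": {"ipv4": 2, "ipv6": 2},
    "9300": {"ipv4": 8, "ipv6": 8},
    "9300-EX": {"ipv4": 18, "ipv6": 7},
}

def plan_udfs(offset, pattern, platform, family="ipv4", prefix="pktoff"):
    """Split `pattern` (bytes at `offset` from the offset base) into UDFs.

    Each UDF covers 2 bytes, or 1 byte for an odd tail, because only
    1- or 2-byte lengths are supported. Generated names are hypothetical.
    """
    if offset < 0 or not pattern:
        raise ValueError("need a non-negative offset and a non-empty pattern")
    udfs = []
    for i in range(0, len(pattern), 2):
        chunk = pattern[i:i + 2]
        udfs.append({
            "name": f"{prefix}{offset + i}",
            "offset": offset + i,
            "length": len(chunk),
            "value": int.from_bytes(chunk, "big"),
            "mask": (1 << (8 * len(chunk))) - 1,  # assumption: 1 bits are compared
        })
    limit = UDF_LIMITS[platform][family]
    if len(udfs) > limit:
        raise ValueError(
            f"{len(udfs)} UDFs needed; {platform} allows {limit} for {family} port ACLs")
    return udfs

def matches(udfs, data):
    """True if `data` (bytes starting at the offset base) satisfies every UDF."""
    for u in udfs:
        field = data[u["offset"]:u["offset"] + u["length"]]
        if len(field) < u["length"]:
            return False  # packet too short to contain this field
        if (int.from_bytes(field, "big") ^ u["value"]) & u["mask"]:
            return False
    return True

# Constructed sample: 10 filler bytes, then 0xDEADBEEF at offset 10.
SAMPLE = bytes(10) + bytes.fromhex("deadbeef") + bytes(4)

if __name__ == "__main__":
    plan = plan_udfs(10, bytes.fromhex("deadbeef"), "9200")
    for u in plan:
        print(f"{u['name']}: offset {u['offset']}, length {u['length']}, "
              f"value {u['value']:#06x}, mask {u['mask']:#06x}")
    print("sample matches:", matches(plan, SAMPLE))
```

A 4-byte pattern already uses both UDFs available on a Nexus 9200, so a fifth byte is rejected there but fits on the 9300 and 9300-EX.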