Example Ip-Acl Configuration - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Example IP-ACL Configuration

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Example IP-ACL Configuration
To define an IP-ACL that restricts management access using Device Manager, follow these steps:
Step 1 Choose Security > IP ACL.
You see the IP-ACL dialog box in
Step 2 Click Create to create an IP-ACL.
You see the Create IP ACL Profiles dialog box shown in
Enter RestrictMgmt as the profile name and click Create.
Step 3
This creates an empty IP-ACL named RestrictMgmt (see
Figure 42-8
Step 4 Select RestrictMgmt and click Rules.
You see an empty list of IP filters associated with this IP-ACL.
Click Create to create the first IP filter.
Step 5
You see the Create IP Filter dialog box shown in
Create an IP filter to allow management communications from a trusted subnet:
Step 6
a.
b.
c.
d.
Repeat Step
10.67.16.0/24 subnet.
Create an IP filter to allow ICMP ping commands:
Step 7
a.
b.
c.
Cisco MDS 9000 Family Fabric Manager Configuration Guide
42-12
RestrictMgmt Profile Added to the List
Choose the permit Action and select 0 IP from the Protocol drop-down menu.
Set the source IP address to 10.67.16.0 and the wildcard mask to 0.0.0.255.
The wildcard mask denotes a subset of the IP Address you want to match against. This
Note
allows a range of addresses to match against this filter.
Check the any check box for the destination address.
Click Create to create this IP filter and add it to the RestrictMgmt IP-ACL.
a through Step d to create an IP filter that allows communications for all addresses in the
Choose the permit Action and select 1-ICMP from the Protocol drop-down menu.
Check the any check box for the source address.
Check the any check box for the destination address.
Chapter 42
Figure 42-2.
Figure 42-3
Figure
Figure 42-5.
Configuring IPv4 and IPv6 Access Control Lists
.
42-8).
OL-17256-03, Cisco MDS NX-OS Release 4.x