ACL to allow http traffic

techmail4sam
Level 1

Hi,

I want to allow only http traffic from my VM.

There is a port-profile "vmdata" assigned to these VM NIC.

Is it required to have two rules to allow http traffic?

permit tcp {VM-ip address} any eq www - out direction

permit tcp any eq www {VM-ip address} - in direction

or is it possible to allow http traffic (run browser applications) from my VM with a single rule in the ACL?

Thanks


admin11111
Level 4

Currently, Nexus1000V (all NX-OS platforms) does not allow combining Ingress and Egress rules in one single ACL rule.

The user has to explicitly specify Ingress and Egress rules separately; this gives the user better flexibility in terms of filtering traffic in each direction. Going back to your question:

or is it possible to allow http traffic (run browser applications) from my VM with a single rule in the ACL?

It depends on the ACL configuration on the ports that the traffic flows through.

For example, if the user has already configured ACLs which allow only http traffic in the inbound direction from upstream ports, then the second rule is not needed, if this VM receives http traffic only from upstream ports.

If http traffic flow is possible among the VMs within a host (inter-VM http traffic), configuring ACL (Ingress & Egress) rules on the VM's interface is needed.

Depending on the ingress and egress traffic flow (inter-VM traffic and to/from the upstream network), the user can plan and potentially condense the ACL rules configured on the system.

Srini.
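The two-direction ACL that the reply describes, written out as Nexus 1000V (NX-OS) configuration applied to the "vmdata" port-profile. This is an added example, not configuration from the thread: the VM address 10.1.1.10/32 and the access-list names are placeholders, and it assumes the NX-OS convention that "in" on a vEthernet port means traffic entering the switch from the VM (the "out direction" in the question's wording), while "out" means traffic delivered to the VM.

```text
! Traffic sent by the VM: only new TCP connections to port 80 (www) are allowed out.
! NX-OS IP ACLs end with an implicit deny; the explicit deny line just makes it visible
! in the counters when debugging.
ip access-list vm-http-from-vm
  10 permit tcp 10.1.1.10/32 any eq www
  20 deny ip any any

! Traffic delivered to the VM: only replies from port 80 (www) are allowed in.
! This is the second rule the reply says is needed when inter-VM http traffic
! inside the host does not pass through the upstream ACLs.
ip access-list vm-http-to-vm
  10 permit tcp any eq www 10.1.1.10/32
  20 deny ip any any

! Apply both lists to the existing vEthernet port-profile, one per direction.
port-profile type vethernet vmdata
  ip port access-group vm-http-from-vm in
  ip port access-group vm-http-to-vm out
```

If only the upstream ports can send http traffic to the VM and those ports already carry an inbound http-only ACL, the "out" list can be dropped from the port-profile, which is the condensing the reply refers to.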