access list on nexus 3000

shaahin13631363
Level 1

Hello,
I want to write an access list on the Nexus 3064 switch so that an IP range on this switch can only be accessed from a specific source. Can anyone guide me?
My servers are connected to a 2960 switch, which is also connected to the Nexus switch, and I want them to connect to the IPs of this server only from a specific IP range.

Accepted Solutions

Hi @shaahin13631363 

 On the interface or interface VLAN where the Nexus communicates with the server, apply the access list outbound:

 

ip access-list acl-01
  permit ip 54.2.122.6/30 34.5.121.0/24 
interface "to 2960"
  ip port access-group acl-01 out

5 Replies

shaahin13631363
Level 1

Capture.PNG

Thanks very much.

Traffic goes to the Nexus first and then goes to the 2960 switch. Why do we use OUT?

You can apply in, but it should be on the interface facing the users.

balaji.bandi
Hall of Fame

Define In, Out, Inbound, Outbound, Source, and Destination

The router uses the terms in, out, source, and destination as references. 

When you refer to a router, these terms have these meanings.

  • Out—Traffic that has already been through the router and leaves the interface. The source is where it has been, on the other side of the router, and the destination is where it goes.

  • In—Traffic that arrives on the interface and then goes through the router. The source is where it has been and the destination is where it goes, on the other side of the router.

  • Inbound—If the access list is inbound, when the router receives a packet, the Cisco IOS software checks the criteria statements of the access list for a match. If the packet is permitted, the software continues to process the packet. If the packet is denied, the software discards the packet.

  • Outbound—If the access list is outbound, after the software receives and routes a packet to the outbound interface, the software checks the criteria statements of the access list for a match. If the packet is permitted, the software transmits the packet. If the packet is denied, the software discards the packet.

Check some examples here:

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html

BB
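
The direction question in this thread can be checked offline with a small model of ACL evaluation. This is an added example, not part of the original posts and not Cisco code: it assumes first-match evaluation with an implicit deny at the end and that host bits in a prefix are masked off; the packet addresses are constructed.

```python
import ipaddress

IMPLICIT_DENY = "deny (implicit)"

def parse_ace(line):
    """Parse 'permit|deny ip <src-prefix> <dst-prefix>' into (action, src, dst)."""
    action, proto, src, dst = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    # Assumption: host bits are masked off, so 54.2.122.6/30 means 54.2.122.4/30.
    return (action, ipaddress.ip_network(src, strict=False),
            ipaddress.ip_network(dst, strict=False))

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return IMPLICIT_DENY

def forward(acl_in, acl_out, src, dst):
    """Check the inbound ACL of the arriving interface, then the outbound ACL
    of the leaving interface. None means no ACL is applied in that direction."""
    for acl in (acl_in, acl_out):
        if acl is not None and evaluate(acl, src, dst) != "permit":
            return "dropped"
    return "forwarded"

# The ACL from the accepted solution.
ACL_01 = [parse_ace("permit ip 54.2.122.6/30 34.5.121.0/24")]

# Constructed test packets: (source, destination).
ALLOWED_USER = ("54.2.122.5", "34.5.121.10")
OTHER_USER = ("54.2.122.9", "34.5.121.10")
SERVER_REPLY = ("34.5.121.10", "54.2.122.5")

if __name__ == "__main__":
    # ACL outbound on the server-facing interface: filters user -> server.
    print("out, allowed user:", forward(None, ACL_01, *ALLOWED_USER))
    print("out, other user:  ", forward(None, ACL_01, *OTHER_USER))
    # Same ACL inbound on the user-facing interface: same packets, same result.
    print("in on user side:  ", forward(ACL_01, None, *OTHER_USER))
    # Same ACL inbound on the server-facing interface sees the replies instead.
    print("in on server side:", forward(ACL_01, None, *SERVER_REPLY))
```

Because the ACL has a single permit entry, everything else, including server replies if the list is applied inbound on the server-facing interface, falls to the implicit deny.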
