
Nexus 7010 to Nexus 9508 ACL workaround

thomuff
Level 3

We plan on replacing our Nexus 7010 with a Nexus 9508.

One challenge is that the Nexus 9508 does not support an IPv4 ACL on egress of the SVI.

One solution is to remove the VLAN interface and route the traffic to a firewall.

We are looking for other solutions.

The purpose of the ACL is to limit traffic destined to the VLAN devices.

A restrictive VLAN.

Thanks

4 Replies

Reza Sharifi
Hall of Fame

The purpose of the ACL is to limit traffic destined to the VLAN devices.  

How do you limit the traffic today using 7010?

If it is QoS, firewalls may have more limited functionality when it comes to QoS.

HTH

We limit the traffic today with an IPv4 ACL applied to the VLAN interface,

i.e.

Int vlan 23
  ip access-group LIMITACCESSOUT out

This command is not supported on the Catalyst 9508.

Another suggestion was a VACL.


Another suggestion was a VACL.

VACL is used for blocking and forwarding within a VLAN and not inbound or outbound to a VLAN.

ip access-group LIMITACCESSOUT out

You did not post the ACL statement, but if you have a deny statement, this will block all traffic and not limit traffic. Is that what you are trying to do?

HTH

By removing the logging option in the ACL, we were able to apply the ACL.

The posts were very helpful.
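A pre-migration check based on the fix reported at the end of this thread, as an added example (not code from the posters or from Cisco): it scans an NX-OS-style configuration for SVIs whose egress ACL contains entries with the log keyword, so they can be reviewed before the move. The function name, the ACL entries, and VLAN 24 are constructed assumptions, since the thread never posted the contents of LIMITACCESSOUT; the parser also assumes sub-commands are indented as in a saved configuration.

```python
import re

# Constructed sample config: the thread never shows the ACL body.
SAMPLE_CONFIG = """\
ip access-list LIMITACCESSOUT
  10 permit tcp 10.1.0.0/16 10.23.0.0/24 eq 443
  20 deny ip any any log
ip access-list MGMT-IN
  10 permit ip 10.9.0.0/24 any log
ip access-list CLEANOUT
  10 permit ip any any
interface Vlan23
  ip access-group LIMITACCESSOUT out
interface Vlan24
  ip access-group CLEANOUT out
  ip access-group MGMT-IN in
"""

ACL_RE = re.compile(r"^ip access-list (\S+)\s*$", re.I)
IF_RE = re.compile(r"^int(?:erface)?\s+vlan\s*(\d+)\s*$", re.I)
GROUP_RE = re.compile(r"^ip access-group (\S+) (in|out)\s*$", re.I)
ACE_LOG_RE = re.compile(r"^(?:\d+\s+)?(?:permit|deny)\s.*\blog$", re.I)


def egress_svi_acls_with_log(config):
    """Return [(vlan_id, acl_name, [ACEs using log])] for ACLs applied 'out' on SVIs."""
    log_aces, egress, acl, vlan = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line opens a new config section
            a, i = ACL_RE.match(line), IF_RE.match(line)
            acl = a.group(1) if a else None
            vlan = int(i.group(1)) if i else None
            continue
        g = GROUP_RE.match(line)
        if acl and ACE_LOG_RE.search(line):
            log_aces.setdefault(acl, []).append(line)
        elif vlan is not None and g and g.group(2).lower() == "out":
            egress.append((vlan, g.group(1)))
    return [(v, a, log_aces[a]) for v, a in egress if a in log_aces]


if __name__ == "__main__":
    for vlan, acl, aces in egress_svi_acls_with_log(SAMPLE_CONFIG):
        print(f"Vlan{vlan}: egress ACL {acl} uses log in: {aces}")
```

ACLs applied inbound (MGMT-IN here) are deliberately ignored, because the thread only concerns the egress direction on the SVI.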
