Trying to do a VACL on Nexus 7018

rpastrana
Level 1

Hello, we have a Nexus 7018 with NX OS 5.2(1), and we are trying to understand the steps to do a VACL. We know that in IOS it would be:

interface GigabitEthernet9/33
 description Puerto. Captura
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 19,20
 switchport mode trunk
 switchport nonegotiate
 switchport capture
 switchport capture allowed vlan 19,20

vlan access-map TRAFICO_VIPAS_HOST_MAP 10
 match ip address TRAFICO_VIPAS_HOST
 action forward capture
vlan access-map TRAFICO_VIPAS_HOST_MAP 20
 match ip address ALL_TRAFFIC
 action forward

vlan filter TRAFICO_VIPAS_HOST_MAP vlan-list 19-20

ip access-list extended ALL_TRAFFIC
 permit ip any any

ip access-list extended TRAFICO_VIPAS_HOST
 remark
 remark  DOMINOs
 permit tcp host 10.30.200.2 eq smtp any
 permit tcp host 10.30.200.2 eq 1352 any
 permit tcp host 10.30.200.2 eq 2050 any

We were reading this guide, but it doesn't seem to explain very well how to actually do it:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5.x_chapter_01110.html#steps_1294169-CLI

We'd like to know if someone has experience with this type of equipment and could give us a few opinions about how we could best do it.

Kind regards.

Accepted Solution

InayathUlla Sharieff
Cisco Employee

Hi,

Please go through the VACL option under the following link:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_010000.html#steps_1089742-CLI

This explains the way you need to configure and use the VACL.

HTH

Regards

Inayath

*Plz rate the useful posts.

2 Replies

Thanks for your answer. I think I got it now. I was having problems with the option action forward capture, not present on NX OS, but if I am not mistaken, on NX OS you tell the items to capture on the ACL with:

permit capture session

and using a monitor session and enabling hardware access-list capture to copy the packets on a port. Am I right?
