Vlan acl s on cisco nexus 7000

steve switzer · ‎05-05-2015

Hi All

I need to configure an acl on a vlan on a nexus 7000.

Now i have a guide but i want to convert an old style access list with permits denys and finally a deny

all at the end into a nexus 7000 acl

so

Do i do it like this ..

conf t

vlan access-map acl-map
  match mac address acl-mac-01  (permits)
  action forward 
  match mac address acl-drop1 (denys)
  action drop
  match mac address acl-perm02 (permits)
action forward 
  match mac address acl-drop2 (deny all)
  action drop

vlan filter acl-map vlan-list 50-82

Is that correct because the guide i have doesnt specify if you can ghave multiple acls on an acl-map or not

Otherwise how can you use an acl with multiple alternating permits and denies ?

Steve

W

steve switzer · ‎05-06-2015

Problem for me at the moment is i wanted to do some specific permits

followed by some specific drops , followed by some specific permits

It seems i cannot do this so i am stuck !

Ip access-list acl-mac-01

10 remark is Guest for forescout

20 permit ip any xxx.xx.xxx.0/24 eq 8080

30 permit ip any xxx.xx.xxx.0/24 eq 9997-9998

Ip access-list acl-drop-01

10 deny ip any xxx.xx.0.0/16

20 deny ip any 10.0.0.0/8

Ip access-list acl-perm02

10 permit ip any any eq 443

20 permit ip any any eq 80

Steve