ACL Types and Applications
The device supports the following types of ACLs for security traffic filtering:
• IPv4 ACLs: The device applies IPv4 ACLs only to IPv4 traffic.
• IPv6 ACLs: The device applies IPv6 ACLs only to IPv6 traffic.
• MAC ACLs: The device applies MAC ACLs only to non-IP traffic.
IP and MAC ACLs have the following types of applications:
• Port ACL: Filters Layer 2 traffic
• Router ACL: Filters Layer 3 traffic
• VLAN ACL: Filters VLAN traffic
• VTY ACL: Filters virtual teletype (VTY) traffic
This table summarizes the applications for security ACLs.
Table 12: Security ACL Applications
Application: Port ACL
Supported Interfaces:
• Layer 2 interfaces
• Layer 2 Ethernet port-channel interfaces
When a port ACL is applied to a trunk port, the ACL filters traffic on all VLANs on the trunk port.
Types of ACLs Supported:
• IPv4 ACLs
• IPv4 ACLs with UDF-based match for Cisco Nexus 9200, 9300, and 9300-EX Series switches.
• IPv6 ACLs
• IPv6 ACLs with UDF-based match for Cisco Nexus 9300-EX Series switches.
• MAC ACLs

Application: Router ACL
Supported Interfaces:
• VLAN interfaces
• Physical Layer 3 interfaces
• Layer 3 Ethernet subinterfaces
• Layer 3 Ethernet port-channel interfaces
• Management interfaces
Note: You must enable VLAN interfaces globally before you can configure a VLAN interface.
Types of ACLs Supported:
• IPv4 ACLs
• IPv6 ACLs
Note: MAC ACLs are supported on Layer 3 interfaces only if you enable MAC packet classification.
Note: Egress router ACLs are not supported on subinterfaces and on Cisco Nexus 9300 Series switch uplink ports.
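
The following configuration is an added example, not taken from the Cisco guide. It applies the same IPv4 and IPv6 ACLs once as a port ACL and once as a router ACL, so the difference between the two applications in the table is visible in the commands. The ACL names, interface numbers, VLAN ID and addresses are constructed placeholders.

```text
! Constructed example: ACL names, interface numbers, VLAN ID and addresses are placeholders.
ip access-list EXAMPLE-V4
  10 permit tcp 192.0.2.0/24 any eq 443
  20 deny ip any any

ipv6 access-list EXAMPLE-V6
  10 permit tcp 2001:db8::/32 any eq 443
  20 deny ipv6 any any

! Port ACL: applied to a Layer 2 interface with the "port" keyword.
! Because this port is a trunk, the ACL filters traffic on every VLAN it carries.
interface ethernet 1/1
  switchport
  switchport mode trunk
  ip port access-group EXAMPLE-V4 in
  ipv6 port traffic-filter EXAMPLE-V6 in

! Router ACL on a VLAN interface: VLAN interfaces must be enabled globally first.
feature interface-vlan
interface vlan 10
  ip access-group EXAMPLE-V4 in
  ipv6 traffic-filter EXAMPLE-V6 in

! Router ACL on a physical Layer 3 interface.
interface ethernet 1/2
  no switchport
  ip access-group EXAMPLE-V4 in
```

After applying, `show running-config aclmgr` lists which ACL is bound to which interface and in which direction, which is a quick way to confirm that an ACL intended as a router ACL was not attached as a port ACL or left unapplied.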
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x