Configuring VLAN ACLs
This chapter describes how to configure VLAN access lists (ACLs) on Cisco NX-OS devices.
This chapter includes the following sections:
Licensing Requirements for VACLs
Prerequisites for VACLs
Guidelines and Limitations for VACLs
Default Settings for VACLs
Configuring VACLs
Verifying the VACL Configuration
Monitoring and Clearing VACL Statistics
Configuration Example for VACLs
Additional References for VACLs
A VLAN ACL (VACL) is one application of an IP ACL or a MAC ACL. You can configure VACLs to apply
to all packets that are routed into or out of a VLAN or are bridged within a VLAN. VACLs are strictly for
security packet filtering and for redirecting traffic to specific physical interfaces. VACLs are not defined by
direction (ingress or egress).
VLAN Access Maps and Entries
VACLs use access maps to contain an ordered list of one or more map entries. Each map entry associates IP
or MAC ACLs to an action. Each entry has a sequence number, which allows you to control the precedence
of entries.
When the device applies a VACL to a packet, it applies the action that is configured in the first access map
entry that contains an ACL that permits the packet.
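The first-match rule described above can be modeled as follows. This is an added example, not code from the Cisco guide or from NX-OS: the ACL rule format is simplified to source prefix and destination port, the action names are plain strings, and all map contents are constructed for illustration. It shows that a packet denied by one entry's ACL is not dropped at that entry but falls through to the next sequence number.

```python
"""Simplified model of VLAN access map evaluation (illustrative only)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One line of a simplified IP ACL."""
    permit: bool
    src: str                      # source prefix in CIDR form
    dport: Optional[int] = None   # None matches any destination port


def acl_permits(acl, src_ip, dport):
    """First matching rule decides; an ACL with no matching rule denies."""
    for rule in acl:
        if ip_address(src_ip) in ip_network(rule.src) and rule.dport in (None, dport):
            return rule.permit
    return False


def evaluate(access_map, src_ip, dport):
    """access_map maps sequence number -> (acl, action).

    Entries are tried in ascending sequence order. The action of the first
    entry whose ACL permits the packet is returned as (sequence, action).
    None means no entry's ACL permitted the packet; that case is outside
    what this model covers.
    """
    for seq in sorted(access_map):
        acl, action = access_map[seq]
        if acl_permits(acl, src_ip, dport):
            return seq, action
    return None


# Constructed sample data: prefixes, ports and ACL names are made up.
MGMT_SSH = [Rule(False, "10.0.5.0/24", 22), Rule(True, "10.0.0.0/16", 22)]
ANY_SSH = [Rule(True, "0.0.0.0/0", 22)]
WEB = [Rule(True, "0.0.0.0/0", 443)]

# Deliberately listed out of order: sequence numbers, not position, set precedence.
VMAP = {
    20: (ANY_SSH, "drop"),
    10: (MGMT_SSH, "forward"),
    30: (WEB, "forward"),
}
```

When reviewing a real access map, the same walk-through by sequence number is a quick way to check that a broad entry does not shadow a more specific one placed after it.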
VACLs and Actions
In access map configuration mode, you use the
command to specify one of the following actions:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x