Ingress ACL Configuration Examples

This section uses examples to demonstrate many of the ACL configuration options and to show how the REST APIs correspond to the CLI commands.

Specifying IPv4 Access Control to an Interface in the Ingress Direction

 Attaching an IPv4 Access List to an Interface in the Ingress Direction

POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4/policy/ingress.json

{
  "aclIngress": {
    "children": [
      {
        "aclIf": {
          "attributes": {
            "name": "eth1/1"
          },
          "children": [
            {
              "aclInst": {
                "attributes": {
                  "name": "foo"
}}}]}}]}}

{
    imdata": []
}

<System>
  <acl-items>
    <ipv4-items>
      <policy-items>
        <ingress-items>
          <intf-items>
            <If-list>
              <name>eth1/1</name>
              <acl-items>
                <name>foo</name>
              </acl-items>
            </If-list>
          </intf-items>
        </ingress-items>
      </policy-items>
    </ipv4-items>
  </acl-items>
</System>

Attaches an IPv6 ACL to an interface in the egress direction.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

interface eth1/1
 ip access-group foo in

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Specifying IPv6 Access Control for Inbound Packets

 Specifying IPv6 Access Control for Inbound Packets

POST http://<mgmt0_IP>/api/mo/sys/acl/ipv4/policy/ingress.json

{
  "aclIngress": {
    "children": [
      {
        "aclVty": {
          "children": [
            {
              "aclInst": {
                "attributes": {
                  "name": "bar_vty"
}}}]}}]}}

{
    imdata": []
}

<System>
  <acl-items>
    <ipv4-items>
      <policy-items>
        <ingress-items>
          <vty-items>
            <acl-items>
              <name>bar_vty</name>
            </acl-items>
          </vty-items>
        </ingress-items>
      </policy-items>
    </ipv4-items>
  </acl-items>
</System>

Specifying IPv6 access control for inbound packets.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

line vty
 ipv6 access-class bar_vty in

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html