Nexus1000v : ip access-list with port range

Hi,

I am configuring an ip access-list policy with a port range on Nexus1000v. I want to block traffic of a VM based on a specific port or port range. The following example shows blocking of the RDP service (port 3389) of VM x.x.x.x. But the script blocks all traffic of x.x.x.x.

Can anybody verify the script and tell me what the problem with the script is?

vm x.x.x.x is on Veth2

    config t
    ip access-list Veth2_rc_vmfw_acl_in
      deny tcp any host x.x.x.x eq 3389
    exit
    ip access-list Veth2_rc_vmfw_acl_out
      deny tcp host x.x.x.x any eq 3389
    exit
    interface Veth2
      ip port access-group Veth2_rc_vmfw_acl_in in
      ip port access-group Veth2_rc_vmfw_acl_out out
    exit
    exit

Thanks
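
An IPv4 ACL ends with an implicit deny, so a list that holds only deny entries drops every packet it is applied to. The following is an added example, not part of the original post and not Cisco code: a small first-match evaluator that runs the posted entry with and without a trailing permit, and goes beyond the posted case by also handling the `range` operator. The addresses 192.0.2.10 and 198.51.100.5 are constructed stand-ins, and `parse_rule` and `evaluate` are hypothetical helper names.

```python
import ipaddress

def parse_rule(line):
    """Parse 'permit|deny <proto> <src> <dst> [eq N | range A B]' (small ACL subset)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]

    def take_addr(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        if t[0] == "host":
            return ipaddress.ip_network(t[1] + "/32"), t[2:]
        return ipaddress.ip_network(t[0]), t[1:]  # a.b.c.d/len form

    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    ports = (0, 65535)  # no operator: any destination port
    if rest and rest[0] == "eq":
        ports = (int(rest[1]), int(rest[1]))
    elif rest and rest[0] == "range":
        ports = (int(rest[1]), int(rest[2]))
    return action, proto, src, dst, ports

def evaluate(acl, proto, src, dst, dport=0):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, r_proto, r_src, r_dst, (lo, hi) = parse_rule(line)
        if r_proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in r_src:
            continue
        if ipaddress.ip_address(dst) not in r_dst:
            continue
        if r_proto in ("tcp", "udp") and not lo <= dport <= hi:
            continue
        return action
    return "deny"  # implicit 'deny ip any any' at the end of every IPv4 ACL

VM = "192.0.2.10"          # constructed stand-in for the elided x.x.x.x
CLIENT = "198.51.100.5"    # constructed remote host
POSTED = [f"deny tcp any host {VM} eq 3389"]          # entry as posted
WITH_PERMIT = POSTED + ["permit ip any any"]          # explicit permit added
RANGED = [f"deny tcp any host {VM} range 3389 3400", "permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with permit", WITH_PERMIT)):
        for port in (3389, 443):
            print(name, port, evaluate(acl, "tcp", CLIENT, VM, port))
```

With the entry as posted, port 443 and ICMP are denied along with 3389; with the trailing permit, only the listed port or range is denied.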
