Configuring an External Allow IP ACL

To allow HTTP traffic to the external server 209.225.113.24, with a netmask of 255.255.255.240 and a scope of fabric, create an IP ACL called allow-http using the following syntax:

CLI network-admin@Leaf1>acl-ip-create name allow-http permit scope fabric src-ip 0.0.0.0 src-ip-mask 255.255.255.255 dst-ip 209.225.113.24 dst-ip-mask 255.255.255.240 protocol tcp dst-port 57

To review the configuration, use the acl-ip-show command:

CLI network-admin@Leaf1>acl-ip-show name allow-http layout vertical

name:               allow-http
id:                 b000025:20
action:             allow
proto:              tcp
src-ip:             0.0.0.0/255.255.255.255
src-port:           0
dst-ip:             209.225.113.24/28
dst-port:           57
vlan:               0
scope:              fabric
port:               0
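The following Python check is an added example, not part of the original page or the vendor's tooling. It parses the acl-ip-show output above, compares it with the values given to acl-ip-create, and reports which destination addresses the rule covers. It assumes the dst-ip mask follows standard netmask semantics; the function names and the INTENT dictionary are hypothetical.

```python
import ipaddress

# Constructed sample: the acl-ip-show output shown on this page.
SHOW_OUTPUT = """\
name:               allow-http
id:                 b000025:20
action:             allow
proto:              tcp
src-ip:             0.0.0.0/255.255.255.255
src-port:           0
dst-ip:             209.225.113.24/28
dst-port:           57
vlan:               0
scope:              fabric
port:               0
"""

# Hypothetical record of what the acl-ip-create command asked for.
INTENT = {"proto": "tcp", "dst-port": "57", "scope": "fabric"}


def parse_vertical(text):
    """Parse 'key: value' lines of a vertical-layout listing into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            # Split on the first colon only, so 'id: b000025:20' stays intact.
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def dst_coverage(fields):
    """Return (first, last, count) of addresses matched by the dst-ip field.

    Assumption: standard prefix semantics. strict=False accepts an address
    with host bits set, such as 209.225.113.24/28.
    """
    net = ipaddress.ip_network(fields["dst-ip"], strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def check_intent(fields, intent):
    """List the fields that differ from what the change request asked for."""
    return [f"{k}: expected {v!r}, got {fields.get(k)!r}"
            for k, v in intent.items() if fields.get(k) != v]


if __name__ == "__main__":
    acl = parse_vertical(SHOW_OUTPUT)
    print(dst_coverage(acl), check_intent(acl, INTENT))
```

Under that assumption the /28 covers 209.225.113.16 through 209.225.113.31, so the rule matches 16 destination addresses rather than the single server.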

 

To delete the ACL configuration, use the acl-ip-delete command.

To modify the ACL configuration, use the acl-ip-modify command.