Configuring an External Allow IP ACL

To allow HTTP traffic to the external server, with a netmask of and a scope of fabric, you can create an IP ACL called allow-http using the following syntax:

CLI network-admin@Leaf1>acl-ip-create name allow-http permit scope fabric src-ip src-ip-mask dst-ip dst-ip-mask protocol tcp dst-port 57

To review the configuration, use the acl-ip-show command:

CLI network-admin@Leaf1>>acl-ip-show name allow-http layout vertical

name:               allow-http

id:                 b000025:20

action:             allow

proto:              tcp


src-port:           0


dst-port:           57

vlan:               0

scope:              fabric

port:               0


To delete the ACL configuration, use the acl-ip-delete command.

To modify the ACL configuration, use the acl-ip-modify command.