Configuring an External Deny ACL
From Figure 2 IP ACL Blocking External Access, you can see the following information:
IP Address
Port Number
To configure an ACL to deny traffic from the external server, use the acl-ip-create command to create an ACL named deny-external:
CLI network-admin@switch > >acl-ip-create name deny-external scope fabric src-ip 209.255.113.24/28 action deny
To review the configuration, use the acl-ip-show command:
CLI network-admin@switch > acl-ip-show name deny-external layout vertical
name:               deny-external
id:                 90008e4:35
action:             deny
proto:              ip
src-ip:             209.225.113.24/28
src-port:           0
dst-ip:             ::/0
dst-port:           0
vnet:
bd:
vlan:               0
scope:              fabric
port:               0