Configuring an External Allow IP ACL
To allow HTTP traffic to the external server, 209.225.113.24 with a netmask of 255.255.255.240 and a scope of fabric, you can create an IP ACL called allow-http using the following syntax:
CLI network-admin@switch > acl-ip-create name allow-http permit scope fabric src-ip 0.0.0.0. src-ip-mask 255.255.255.255 dst-ip 209.225.113.24 dst-ip-mask 255.255.255.240 protocol tcp dst-port 57
To review the configuration, use the acl-ip-show command:
CLI network-admin@switch > >acl-ip-show name allow-http layout vertical
name:               allow-http
id:                 b000025:20
action:             allow
proto:              tcp
src-ip:             0.0.0.0/255.255.255.255
src-port:           0
dst-ip:             209.225.113.24/28
dst-port:           57
vlan:               0
scope:              fabric
port:               0
 
To delete the ACL configuration, use the acl-ip-delete command.
To modify the ACL configuration, use the acl-ip-modify command.