Cisco Nexus 6000 Series NX-OS Security Command Reference
V Commands
Downloads: This chapterpdf (PDF - 109.0KB) The complete bookPDF (PDF - 2.5MB) | Feedback

V Commands

Table Of Contents

V Commands

vlan access-map

vlan filter

vlan policy deny

vrf policy deny

vsan policy deny


V Commands


This chapter describes the Cisco NX-OS security commands that begin with V.

vlan access-map

To create a new VLAN access map or to configure an existing VLAN access map, use the vlan access-map command. To remove a VLAN access map, use the no form of this command.

vlan access-map map-name

no vlan access-map map-name

Syntax Description

map-name

Name of the VLAN access map that you want to create or configure. The name can be up to 64 alphanumeric, case-sensitive characters.


Command Default

None

Command Modes

Global configuration mode

Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.


Usage Guidelines

Each VLAN access map can include one match command and one action command.

Examples

This example shows how to create a VLAN access map named vlan-map-01, assign an IPv4 ACL named ip-acl-01 to the map, specify that the switch forwards packets matching the ACL, and enable statistics for traffic matching the map:

switch(config)# vlan access-map vlan-map-01 
switch(config-access-map)# match ip address ip-acl-01 
switch(config-access-map)# action forward 
switch(config-access-map)# statistics 
 
   

Related Commands

Command
Description

action

Specifies an action for traffic filtering in a VLAN access map.

match

Specifies an ACL for traffic filtering in a VLAN access map.

show vlan access-map

Displays all VLAN access maps or a VLAN access map.

show vlan filter

Displays information about how a VLAN access map is applied.

vlan filter

Applies a VLAN access map to one or more VLANs.


vlan filter

To apply a VLAN access map to one or more VLANs, use the vlan filter command. To unapply a VLAN access map, use the no form of this command.

vlan filter map-name vlan-list VLAN-list

no vlan filter map-name [vlan-list VLAN-list]

Syntax Description

map-name

Name of the VLAN access map that you want to create or configure.

vlan-list VLAN-list

Specifies the ID of one or more VLANs whose traffic the VLAN access map filters.

Use a hyphen (-) to separate the beginning and ending IDs of a range of VLAN IDs; for example, use 70-100.

Use a comma (,) to separate individual VLAN IDs and ranges of VLAN IDs; for example, use 20,70-100,142.

Note When you use the no form of this command, the VLAN-list argument is optional. If you omit this argument, the switch removes the access map from all VLANs where the access map is applied.


Command Default

None

Command Modes

Global configuration mode

Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.


Usage Guidelines

You can apply a VLAN access map to one or more VLANs.

You can apply only one VLAN access map to a VLAN.

The no form of this command enables you to unapply a VLAN access map from all or part of the VLAN list that you specified when you applied the access map. To unapply an access map from all VLANs where it is applied, you can omit the VLAN-list argument. To unapply an access map from a subset of the VLANs where it is currently applied, use the VLAN-list argument to specify the VLANs where the access map should be removed.

Examples

This example shows how to apply a VLAN access map named vlan-map-01 to VLANs 20 through 45:

switch(config)# vlan filter vlan-map-01 20-45 
 
   

Related Commands

Command
Description

action

Specifies an action for traffic filtering in a VLAN access map.

match

Specifies an ACL for traffic filtering in a VLAN access map.

show vlan access-map

Displays all VLAN access maps or a VLAN access map.

show vlan filter

Displays information about how a VLAN access map is applied.

vlan access-map

Configures a VLAN access map.


vlan policy deny

To enter VLAN policy configuration mode for a user role, use the vlan policy deny command. To revert to the default VLAN policy for a user role, use the no form of this command.

vlan policy deny

no vlan policy deny

Syntax Description

This command has no arguments or keywords.

Command Default

All VLANs

Command Modes

User role configuration mode

Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.


Examples

This example shows how to enter VLAN policy configuration mode for a user role:

switch(config)# role name MyRole 
switch(config-role)# vlan policy deny 
switch(config-role-vlan)# 
 
   

This example shows how to revert to the default VLAN policy for a user role:

switch# configure terminal 
switch(config)# role name MyRole 
switch(config-role)# no vlan policy deny 
 
   

Related Commands

Command
Description

role name

Creates or specifies a user role and enters user role configuration mode.

show role

Displays user role information.


vrf policy deny

To configure the deny access to a virtual forwarding and routing instance (VRF) policy for a user role, use the vrf policy deny command. To revert to the default VRF policy configuration for a user role, use the no form of this command.

vrf policy deny

no vrf policy deny

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

User role configuration mode

Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.


Examples

This example shows how to enter VRF policy configuration mode for a user role:

switch(config)# role name MyRole 
switch(config-role)# vrf policy deny 
switch(config-role-vrf)# 
 
   

This example shows how to revert to the default VRF policy for a user role:

switch(config)# role name MyRole 
switch(config-role)# no vrf policy deny 
 
   

Related Commands

Command
Description

role name

Creates or specifies a user role and enters user role configuration mode.

show role

Displays user role information.


vsan policy deny

To configure the deny access to a VSAN policy for a user role, use the vsan policy deny command. To revert to the default VSAN policy configuration for a user role, use the no form of this command.

vsan policy deny

no vsan policy deny

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

User role configuration mode

Command History

Release
Modification

6.0(2)N1(1)

This command was introduced.


Usage Guidelines

To permit access to the VSAN policy, use the permit vsan command.

Examples

This example shows how to deny access to a VSAN policy for a user role:

switch(config)# role name MyRole 
switch(config-role)# vsan policy deny 
switch(config-role-vsan)# 
 
   

This example shows how to revert to the default VSAN policy configuration for a user role:

switch(config)# role name MyRole 
switch(config-role)# vsan policy deny 
switch(config-role-vsan)# no vsan policy deny 
switch(config-role)#
 
   

Related Commands

Command
Description

permit vsan

Configures permit access to a VSAN policy for a user.

role name

Creates or specifies a user role and enters user role configuration mode.

show role

Displays user role information.