The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To allow traffic from a source IP address to a destination IP address, use the permit command. To remove a permit rule, if any, use the no form of this command.
[sequence-number] permit ip source-address destination-address
no sequence-number
sequence-number |
(Optional) Specifies the sequence number. The range is from 1–4294967295. The default is 10.
|
||
source-address |
Specifies the source IP address. |
||
destination-address |
Specifies the destination IP address. |
No rule is created on traffic.
Release |
Modification |
---|---|
Cisco NX-OS 8.2(1) |
This command was introduced. |
Catena must be enabled and configured before using this command. For more information about these tasks, see "Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution."
This example shows how to permit traffic from a source IP address to a destination IP address:
switch(config)# catena port-acl pa1 switch(config-port-acl)# 2 permit ip 209.165.200.225 10.0.0.1
Command |
Description |
---|---|
catena |
Creates a Catena instance. |
catena port-acl |
Configures an ACL port. |
deny |
Prevents traffic from a source IP address to a destination IP address. |
To configure a device-group probe, use the probe command. To remove the configuration, use the no form of this command.
probe probe-id [ control status ] [ host host-name ] [ frequency frequency-number | timeout timeout | retry-down-count down-count | retry-up-count up-count | ip ipv4-address ]
noprobe probe-id [ control status ] [ host host-name ] [ frequency frequency-number | timeout timeout | retry-down-count down-count | retry-up-count up-count | ip ipv4-address ]
probe-id |
Probe ID. You can specify ICMP, TCP, UDP, or DNS as the probe ID. |
control status |
(Optional) Specifies the control protocol status. |
host host-name |
(Optional) Specifies the host name. |
frequency frequency-number |
(Optional) Specifies the time interval, in seconds, between the successive probes sent to the node. |
timeout timeout |
(Optional) Specifies the amount of time, in seconds, to wait for the probe response. |
retry-down-count down-count |
(Optional) Specifies the consecutive number of times the probe must have failed prior to the node being marked as Down. |
retry-up-count up-count |
(Optional) Specifies the consecutive number of times the probe must have succeeded prior to the node being marked as Up. |
ip ipv4-address |
(Optional) Specifies the IP address-based load or traffic distribution. |
None.
Device group configuration mode (config-device-group)
Release |
Modification |
---|---|
Cisco NX-OS 8.0(1) |
This command was introduced. |
Catena must be enabled and configured before using this command. For more information about these task, see "Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution."
The following example shows how to configure a device-group probe:
switch# configure terminal switch(config)# catena device-group s-dg-1 switch(config-device-group)# node ip 1.1.1.1 switch(config-device-group)# node ip 2.2.2.2 switch(config-device-group)# probe icmp
Command |
Description |
---|---|
Creates a device group. |
|
Assigns a node to a device group. |