The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS security commands that begin with V.
To create a new VLAN access map or to configure an existing VLAN access map, use the vlan access-map command. To remove a VLAN access map, use the no form of this command.
Name of the VLAN access map that you want to create or configure. The name can be up to 64 alphanumeric, case-sensitive characters. |
|
|
Each VLAN access map can include one match command and one action command.
This example shows how to create a VLAN access map named vlan-map-01, assign an IPv4 ACL named ip-acl-01 to the map, specify that the switch forwards packets matching the ACL, and enable statistics for traffic matching the map:
To apply a VLAN access map to one or more VLANs, use the vlan filter command. To unapply a VLAN access map, use the no form of this command.
vlan filter map-name vlan-list VLAN-list
no vlan filter map-name [ vlan-list VLAN-list ]
|
|
You can apply a VLAN access map to one or more VLANs.
You can apply only one VLAN access map to a VLAN.
The no form of this command enables you to unapply a VLAN access map from all or part of the VLAN list that you specified when you applied the access map. To unapply an access map from all VLANs where it is applied, you can omit the VLAN-list argument. To unapply an access map from a subset of the VLANs where it is currently applied, use the VLAN-list argument to specify the VLANs where the access map should be removed.
This example shows how to apply a VLAN access map named vlan-map-01 to VLANs 20 through 45:
To enter VLAN policy configuration mode for a user role, use the vlan policy deny command. To revert to the default VLAN policy for a user role, use the no form of this command.
|
|
This example shows how to enter VLAN policy configuration mode for a user role:
This example shows how to revert to the default VLAN policy for a user role:
|
|
---|---|
Creates or specifies a user role and enters user role configuration mode. |
|
To configure the deny access to a virtual forwarding and routing instance (VRF) policy for a user role, use the vrf policy deny command. To revert to the default VRF policy configuration for a user role, use the no form of this command.
|
|
This example shows how to enter VRF policy configuration mode for a user role:
This example shows how to revert to the default VRF policy for a user role:
|
|
---|---|
Creates or specifies a user role and enters user role configuration mode. |
|
To configure the deny access to a VSAN policy for a user role, use the vsan policy deny command. To revert to the default VSAN policy configuration for a user role, use the no form of this command.
|
|
---|---|
To permit access to the VSAN policy, use the permit vsan command.
This example shows how to deny access to a VSAN policy for a user role:
This example shows how to revert to the default VSAN policy configuration for a user role:
|
|
---|---|
Creates or specifies a user role and enters user role configuration mode. |
|