V Commands
This chapter describes the Cisco NX-OS security commands that begin with V.
vlan access-map
To create a new VLAN access map or to configure an existing VLAN access map, use the vlan access-map command. To remove a VLAN access map, use the no form of this command.
vlan access-map map-name
no vlan access-map map-name
Syntax Description
map-name |
Name of the VLAN access map that you want to create or configure. The name can be up to 64 alphanumeric, case-sensitive characters. |
Command Default
None
Command Modes
Global configuration mode
Command History
|
|
|
4.0(0)N1(1a) |
This command was introduced. |
Usage Guidelines
Each VLAN access map can include one match command and one action command.
Examples
This example shows how to create a VLAN access map named vlan-map-01, assign an IPv4 ACL named ip-acl-01 to the map, specify that the switch forwards packets matching the ACL, and enable statistics for traffic matching the map:
switch(config)# vlan access-map vlan-map-01
switch(config-access-map)# match ip address ip-acl-01
switch(config-access-map)# action forward
switch(config-access-map)# statistics
Related Commands
vlan filter
To apply a VLAN access map to one or more VLANs, use the vlan filter command. To unapply a VLAN access map, use the no form of this command.
vlan filter map-name vlan-list VLAN-list
no vlan filter map-name [vlan-list VLAN-list]
Syntax Description
When you use the no form of this command, the VLAN-list argument is optional. If you omit this argument, the switch removes the access map from all VLANs where the access map is applied. Command Default
None
Command Modes
Global configuration mode
Command History
|
|
|
4.0(0)N1(1a) |
This command was introduced. |
Usage Guidelines
You can apply a VLAN access map to one or more VLANs.
You can apply only one VLAN access map to a VLAN.
The no form of this command enables you to unapply a VLAN access map from all or part of the VLAN list that you specified when you applied the access map. To unapply an access map from all VLANs where it is applied, you can omit the VLAN-list argument. To unapply an access map from a subset of the VLANs where it is currently applied, use the VLAN-list argument to specify the VLANs where the access map should be removed.
Examples
This example shows how to apply a VLAN access map named vlan-map-01 to VLANs 20 through 45:
switch(config)# vlan filter vlan-map-01 20-45
Related Commands
vlan policy deny
To enter VLAN policy configuration mode for a user role, use the vlan policy deny command. To revert to the default VLAN policy for a user role, use the no form of this command.
vlan policy deny
no vlan policy deny
Syntax Description
This command has no arguments or keywords.
Command Default
All VLANs
Command Modes
User role configuration mode
Command History
|
|
|
4.0(0)N1(1a) |
This command was introduced. |
Examples
This example shows how to enter VLAN policy configuration mode for a user role:
switch(config)# role name MyRole
switch(config-role)# vlan policy deny
switch(config-role-vlan)#
This example shows how to revert to the default VLAN policy for a user role:
switch# configure terminal
switch(config)# role name MyRole
switch(config-role)# no vlan policy deny
Related Commands
|
|
|
|---|---|
role name |
Creates or specifies a user role and enters user role configuration mode. |
show role |
Displays user role information. |
vrf policy deny
To configure the deny access to a virtual forwarding and routing instance (VRF) policy for a user role, use the vrf policy deny command. To revert to the default VRF policy configuration for a user role, use the no form of this command.
vrf policy deny
no vrf policy deny
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
User role configuration mode
Command History
|
|
|
4.0(0)N1(1a) |
This command was introduced. |
Examples
This example shows how to enter VRF policy configuration mode for a user role:
switch(config)# role name MyRole
switch(config-role)# vrf policy deny
switch(config-role-vrf)#
This example shows how to revert to the default VRF policy for a user role:
switch(config)# role name MyRole
switch(config-role)# no vrf policy deny
Related Commands
|
|
|
|---|---|
role name |
Creates or specifies a user role and enters user role configuration mode. |
show role |
Displays user role information. |
vsan policy deny
To configure the deny access to a VSAN policy for a user role, use the vsan policy deny command. To revert to the default VSAN policy configuration for a user role, use the no form of this command.
vsan policy deny
no vsan policy deny
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
User role configuration mode
Command History
|
|
|
|---|---|
4.0(0)N1(1a) |
This command was introduced. |
Usage Guidelines
To permit access to the VSAN policy, use the permit vsan command.
Examples
This example shows how to deny access to a VSAN policy for a user role:
switch(config)# role name MyRole
switch(config-role)# vsan policy deny
switch(config-role-vsan)#
This example shows how to revert to the default VSAN policy configuration for a user role:
switch(config)# role name MyRole
switch(config-role)# vsan policy deny
switch(config-role-vsan)# no vsan policy deny
switch(config-role)#
Feedback