Study notes

N7K-1# debug ip icmp
N7K-1# debug-filter ip icmp packet vrf management

Also, if you are doing a debug, you should redirect it to a log file:

N7K-1# debug logfile icmp
N7K-1# debug ip icmp
N7K-1# show debug logfile icmp

You will now apply the access list ProtectVM as an outbound-rule to the virtual Ethernet interfaces
(veth) of the existing VMs running Windows 7. Here the concept of port-profiles comes very handy in
simplifying the work. As the Veth interface of the Windows 7 VM leverage the port profile VM-Client,
adding the access list to this port profile will automatically update all associated Veth interfaces and
assign the access list to them.
Nexus1000V(config-acl)# port-profile VM-Client
Nexus1000V(config-port-prof)# ip port access-group ProtectVM out
As a result access to both open ports within your Virtual Machine has been blocked.

Note: The directions “in” and “out” of an ACL have to be seen from the perspective of the Virtual Ethernet
Module (VEM), not the Virtual Machine. Thus “in” specifies traffic flowing in to the VEM from the VM,
while “out” specifies traffic flowing out from the VEM to the VM.

Published by

Michel van Kessel

Specialist in Data Center Infrastructure Designs and Cloud Designs. CCIE Data Center #44197 #CiscoChampion

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s