|
| 1 | +--- |
| 2 | +title: Azure Operator Nexus - Applying ACLs to Network-to-Network Interconnects (NNI) |
| 3 | +description: Learn how to apply Access Control Lists (ACLs) to network-to-network interconnects (NNI) within Azure Nexus Network Fabric. |
| 4 | +author: sushantjrao |
| 5 | +ms.author: sushrao |
| 6 | +ms.service: azure-operator-nexus |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 04/18/2024 |
| 9 | +ms.custom: template-how-to |
| 10 | +--- |
| 11 | + |
| 12 | +# Access Control List (ACL) Management for NNI |
| 13 | + |
| 14 | +In Azure Nexus Network Fabric, maintaining network security is paramount for ensuring a robust and secure infrastructure. Access Control Lists (ACLs) are crucial tools for enforcing network security policies. This guide will lead you through the process of applying ACLs to network-to-network interconnects (NNI) within the Nexus Network Fabric. |
| 15 | + |
| 16 | +## Applying Access Control Lists (ACLs) to NNI in Azure Fabric |
| 17 | + |
| 18 | +To maintain network security and regulate traffic flow within your Azure Fabric network, applying Access Control Lists (ACLs) to network-to-network interconnects (NNI) is essential. This guide delineates the steps for effectively applying ACLs to NNIs. |
| 19 | + |
| 20 | +#### Applying ACLs to NNI |
| 21 | + |
| 22 | +Before applying ACLs to NNIs, utilize the following commands to view ACL details. |
| 23 | + |
| 24 | +#### Viewing ACL details |
| 25 | + |
| 26 | +To view the specifics of a particular ACL, execute the following command: |
| 27 | + |
| 28 | +```azurecli |
| 29 | +az networkfabric acl show --name acl-ingress --resource-group myResourceGroup |
| 30 | +``` |
| 31 | + |
| 32 | +This command furnishes detailed information regarding the ACL's configuration, administrative state, default action, and matching conditions. |
| 33 | + |
| 34 | +#### Listing ACLs in a resource group |
| 35 | + |
| 36 | +To list all ACLs within a resource group, use the command: |
| 37 | + |
| 38 | +```azurecli |
| 39 | +az networkfabric acl list --resource-group myResourceGroup |
| 40 | +``` |
| 41 | + |
| 42 | +This command presents a comprehensive list of ACLs along with their configuration states and other pertinent details. |
| 43 | + |
| 44 | +#### Applying Ingress ACL to NNI |
| 45 | + |
| 46 | +```azurecli |
| 47 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nnimgmt" --fabric "examplefabric" --ingress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" |
| 48 | +``` |
| 49 | + |
| 50 | +| Parameter | Description | |
| 51 | +|-------------------|--------------------------------------------------| |
| 52 | +| --ingress-acl-id | Apply the ACL as ingress by specifying its ID. | |
| 53 | + |
| 54 | +#### Applying Egress ACL to NNI |
| 55 | + |
| 56 | +```azurecli |
| 57 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nnimgmt" --fabric "examplefabric" --egress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" |
| 58 | +``` |
| 59 | + |
| 60 | +| Parameter | Description | |
| 61 | +|------------------|------------------------------------------------| |
| 62 | +| --egress-acl-id | Apply the ACL as egress by specifying its ID. | |
| 63 | + |
| 64 | +#### Applying Ingress and Egress ACLs to NNI: |
| 65 | + |
| 66 | +```azurecli |
| 67 | +az networkfabric nni update --resource-group "example-rg" --resource-name "example-nnimgmt" --fabric "examplefabric" --ingress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" --egress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4egressACL" |
| 68 | +``` |
| 69 | + |
| 70 | +| Parameter | Description | |
| 71 | +|-------------------|----------------------------------------------------------------------------------------------------------------| |
| 72 | +| --ingress-acl-id, --egress-acl-id | To apply both ingress and egress ACLs simultaneously, create two new ACLs and include their respective IDs. | |
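Review bot: The egress example (new-file line 57) passes `--egress-acl-id` an ACL named `example-Ipv4ingressACL`, the same resource the ingress example at line 47 uses, while the combined example at line 67 uses `example-Ipv4egressACL` for egress. A reader who copies the egress command as written would attach the ingress rule set in the outbound direction, so the ID here should end in `accesscontrollists/example-Ipv4egressACL`. The last table row (line 72) tells the reader to "create two new ACLs", but nothing in this file shows how an ACL is created or says whether an existing one can be reused, so link to the ACL creation article or reword the row. On structure: the headings jump from `##` to `####` with no `###` level, the "Applying ACLs to NNI" section at line 20 contains only a pointer to the view commands, the ingress and egress sections give the command with no introductory sentence, and the "Applying Ingress and Egress ACLs to NNI:" heading has a trailing colon the other headings lack. Lines 14 and 18 also repeat the same introduction under two product names ("Nexus Network Fabric" and "Azure Fabric"); keep one and use the name from the title.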