ACL Objects

This page contains descriptions of the ACL related objects in the FlexSwitch object models.

Attention

Attributes without default values listed are required in API calls.

Configuration Objects

AclGlobal

config/AclGlobal

Note

This object is autocreated when the FlexSwtich is started.

Attribute Data Type Description Permitted Values
AclGlobal [Key] string Indicates aclGlobal instance. DEFAULT:default"
GlobalDropEnable string Global traffic drop flag SELECTION: TRUE/FALSE
DEFAULT:FALSE

Acl

config/Acl

Attribute Data Type Description Permitted Values
AclName [Key] string Acl name.
IntfList []string list of IntfRef can be port/lag object
Stage string Ingress or Egress where ACL to be applied. SELECTION: IN/OUT
DEFAULT: IN
Priority int32 Acl priority. Acls with higher priority will have precedence over with lower. DEFAULT:1
AclType string Acl type IPv4/Mac/Ipv6 SELECTION: IPv4/Mac/IPv6
DEFAULT : IPv4
Action []string Type of action (ALLOW/DENY/COPYToCPU)
CpuQueue int32 CPU queue number for CopyToCpu action DEFAULT:0
FilterName string Filter name for acl DEFAULT:""

AclIpv4Filter

config/AclIpv4Filter

Attribute Data Type Description Permitted Values
FilterName [Key] string AClIpv4 filter name .
SourceIp string Source IP address DEFAULT:""
DestIp string Destination IP address DEFAULT:""
SourceMask string Network mask for source IP DEFAULT:""
DestMask string Network mark for dest IP DEFAULT:""
Proto string Protocol type TCP/UDP/ICMPv4/ICMPv6 SELECTION: TCP/UDP/ICMPv4/ICMPv6
DEFAULT:""
SrcIntf string Source Intf(used for mlag) DEFAULT: ""
DstIntf string Dest Intf(used for mlag) DEFAULT: ""
L4SrcPort int32 TCP/UDP source port DEFAULT:0
L4DstPort int32 TCP/UDP destionation port DEFAULT:0
L4PortMatch string Match condition can be EQ(equal) , NEQ(not equal), RANGE(port range) SELECTION:EQ/NEQ/RANGE
DEFAULT:""
L4MinPort int32 Min port when l4 port is specified as range DEFAULT:0
L4MaxPort int32 Max port when l4 port is specified as range DEFAULT:0

AclIpv6Filter

config/AclIpv6Filter

Attribute Data Type Description Permitted Values
FilterName [Key] string AClIpv6 filter name ."
SourceIpv6 string Source IPv6 address DEFAULT:""
DestIpv6 string Destination IPv6 address DEFAULT:""
SourceMaskv6 string Network mask for source IPv6 DEFAULT:""
DestMaskv6 string Network mark for dest IPv6 DEFAULT:""
Proto string Protocol type TCP/UDP/ICMPv4/ICMPv6 SELECTION: TCP/UDP/ICMPv4/ICMPv6<.br> DEFAULT:""
SrcIntf string Source Intf(used for mlag) DEFAULT:""
DstIntf string Dest Intf(used for mlag) DEFAULT:""
L4SrcPort int32 TCP/UDP source port DEFAULT:0
L4DstPort int32 TCP/UDP destionation port DEFAULT:0
L4PortMatch string Match condition can be EQ(equal) , NEQ(not equal), RANGE(port range) SELECTION: EQ/NEQ/LT/GT/RANGE
DEFAULT:""
L4MinPort int32 Min port when l4 port is specified as range DEFAULT:0
L4MaxPort int32 Max port when l4 port is specified as range", DEFAULT:0

AclMacFilter

config/AclMacFilter

Attribute Data Type Description Permitted Values
FilterName [Key] string MAC filter name.
SourceMac string Source MAC address. DEFAULT:""
DestMac string Destination MAC address DEFAULT:""
SourceMask string Source Mask DEFAULT:""
DestMask string Destination Mask DEFAULT:""

State Objects

AclGlobalState

state/AclGlobal

Attribute Data Type Description Permitted Values
AclGlobal [Key] string acl global instance
GlobalDropEnable string Indicates if the global drop is enabled.
UsedEntriesIPv4MACIngress int32 Total used entries for ipv4 and mac acls on ingress pipeline.
FreeEntriesIPv4MACIngress int32 Total free entries for ipv4 and mac acls on ingress pipeline.
UsedEntriesIPv4MACEgress int32 Total used entries for ipv4 and mac acls on egress pipeline.
FreeEntriesIPv4MACEgress int32 Total free entries for ipv4 and mac acls on egress pipeline.
UsedEntriesIPv6Ingress int32 Total used entries for ipv6 acls on ingress pipeline.
FreeEntriesIPv6Ingress int32 Total free entries for ipv6 acls on ingress pipeline.
UsedEntriesIPv6Egress int32 Total used entries for ipv6 acls on egress pipeline.
FreeEntriesIPv6Egress int32 Total free entries for ipv6 acls on egress pipeline.

AclState

state/AclState

Attribute Data Type Description Permitted Values
AclName [Key] string Acl rule name
Priority int32 Acl priority
AclType string Type can be IPv4/MAC/IPv6
Stage string Ingress or egress pipeline where Acl is applied.
IntfList []string list of IntfRef can be port/lag object
HitCount uint64 No of packets hit the rule if applied.