acl

Use this command to create or modify an ACL.

Dependencies

Before you create an ACL the following object must be defined:

Usage

    localhost(config)#acl <name>
    localhost(config-acl)#

Settings

| Name | Description |
|------|-------------|
| aclType (required) | IPv4\|Mac\|Ipv6. Default: IPv4 |
| action | ALLOW\|DENY\|COPYtoCPU |
| cpu_queue | CPU queue number for COPYToCPU action. Default: 0 |
| filterName | ACL filter name. |
| interface | Command to specify an interface for this ACL. Specify: eth\|vlan |
| priority | ACL priority. ACLs with a higher priority value take precedence over those with a lower value. Default: 1 |
| stage | IN\|OUT. Ingress or egress stage where the ACL is applied. Default: IN |

Sub-Context (interface)

| Name | Description |
|------|-------------|
| fpPort | List of IntfRef (can be port/lag object) |
| ma | List of IntfRef (can be port/lag object) |
| vlan | List of IntfRef (can be port/lag object) |

Available Commands

| Command | Purpose |
|---------|---------|
| `acl <string>` | |
| `acl aclType <string>` | ACL type IPv4/Mac/Ipv6/Snmp/VTYv4/VTYv6 |
| `acl filterName <string>` | |
| `acl priority <integer>` | |
| `acl cpu_queue <integer>` | |
| `acl action <[]string>` | |
| `acl stage <string>` | |
| `acl interface <fpPort \| ma \| vlan>` | |
| `acl interface fpPort <[]string>` | List of fpPort IntfRefs (can be port/lag object) |
| `acl interface ma <[]string>` | List of ma IntfRefs (can be port/lag object) |
| `acl interface vlan <[]string>` | List of vlan IntfRefs (can be port/lag object) |

Example

Commands:

```
FlexSwitch(config)#acl testACL
FlexSwitch(config-acl)#aclType IPv4
FlexSwitch(config-acl)#action ALLOW
FlexSwitch(config-acl)#cpu_queue 1
FlexSwitch(config-acl)#filterName testIPV4AclFilter
FlexSwitch(config-acl)#priority 2
FlexSwitch(config-acl)#stage IN
FlexSwitch(config-acl)#apply
```

Response:

```
Applying Config:
id: 1   object: Acl   status: APPLIED CONFIG  valid: True delete: False num user cmds: 7
 command                         attr          value                model attr    iskey    required    userprov    time provisioned
--------------------------------------------------------------------------------------------------------------------------------------------
 acl testACL                     acl           testACL              AclName       True     X           X           Tue Sep  5 13:59:06 2017
 aclType IPv4                    aclType       IPv4                 AclType       False                X           Tue Sep  5 13:59:14 2017
 action ALLOW                    action        ['ALLOW']            Action        False    X           X           Tue Sep  5 13:59:21 2017
 cpu_queue 1                     cpu_queue     1                    CpuQueue      False                X           Tue Sep  5 13:59:24 2017
 filterName testIPV4AclFilter    filterName    testIPV4AclFilter    FilterName    False                X           Tue Sep  5 13:59:40 2017
 priority 2                      priority      2                    Priority      False                X           Tue Sep  5 13:59:52 2017
 stage IN                        stage         IN                   Stage         False                X           Tue Sep  5 14:00:01 2017

sdk:createAcl(testACL,None,['ALLOW'],Priority=2,AclType=IPv4,CpuQueue=1,FilterName=testIPV4AclFilter,Stage=IN) result: SUCCESS: http status code: 201
```
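
ACL definitions written with these commands can be linted offline before they are applied. The following is an added example, not part of the FlexSwitch documentation or code: it parses configuration text in this page's CLI syntax and reports non-contiguous masks, `filterName` values with no matching filter block, and ACL names entered more than once. The sample text is constructed, and treating the mask fields as bitwise netmasks is an assumption.

```python
import ipaddress

# Constructed sample in this page's CLI syntax (not taken from a real device).
SAMPLE = """\
aclipv4filter edge-v4
srcIp 10.176.0.0
srcMask 255.10.72.0
exit
acl edge_in
filterName edge-v4
acl edge_in
filterName edge-v9
"""

BLOCK_KEYWORDS = ("aclipv4filter", "aclipv6filter", "acl")
MASK_KEYS = ("srcMask", "dstMask", "srcMaskv6", "dstMaskv6")

def parse(text):
    """Split the config into (kind, name, [(key, value), ...]) blocks."""
    blocks = []
    for words in (line.split() for line in text.splitlines()):
        if words and words[0] in BLOCK_KEYWORDS and len(words) == 2:
            blocks.append((words[0], words[1], []))
        elif words and words[0] != "exit" and blocks:
            blocks[-1][2].append((words[0], " ".join(words[1:])))
    return blocks

def is_prefix_mask(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits."""
    addr = ipaddress.ip_address(mask)
    inverted = int(addr) ^ ((1 << addr.max_prefixlen) - 1)
    return inverted & (inverted + 1) == 0

def audit(text):
    blocks = parse(text)
    filters = {name for kind, name, _ in blocks if kind != "acl"}
    findings, seen = [], set()
    for kind, name, settings in blocks:
        for key, value in settings:
            # Assumption: mask fields are bitwise netmasks, so gaps deserve review.
            if key in MASK_KEYS and not is_prefix_mask(value):
                findings.append(f"{name}: {key} {value} is not a contiguous prefix mask")
            if key == "filterName" and value not in filters:
                findings.append(f"{name}: filterName {value} is not defined")
        if kind == "acl":
            if name in seen:
                findings.append(f"{name}: acl entered twice, the second block modifies the first")
            seen.add(name)
    return findings
```

Calling `audit(SAMPLE)` returns one finding per problem, in the order the blocks appear in the text.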

### Different ACL Types

The following are examples of several different kinds of ACLs.

``` bash

aclipv4filter no-nsw-pacl-v41
srcIp 10.176.0.0
srcMask 255.10.72.0
exit
acl no-nsw-pacl-v4_acl
filterName no-nsw-pacl-v41
interface fpPort 1
priority 10
aclType IPv4
stage IN
action ALLOW


aclipv4filter no-nsw-pacl-v42
srcIp 10.176.0.0
srcMask 255.10.72.64
exit
acl no-nsw-pacl-v4_acl
stage IN
priority 20
filterName no-nsw-pacl-v42
aclType IPv4
action ALLOW
interface fpPort 1


aclipv6filter no-nsw-pacl-v6
srcIPv6 2a04:f547:41:0:0:0:0:0
srcMaskv6 FFFF:FFFF:2:320:FFFF:FFFF:FFFF:FFFF
exit
acl no-nsw-pacl-v6_acl_IN
stage IN
aclType IPv6
filterName no-nsw-pacl-v6
priority 10
action ALLOW
interface fpPort 1


aclipv6filter no-nsw-pacl-v63
srcIPv6 2a04:f547:41:0:0:0:0:0
srcMaskv6 FFFF:FFFF:2:321:FFFF:FFFF:FFFF:FFFF
exit
acl no-nsw-pacl-v62_acl_IN
stage IN 
aclType IPv6
filterName no-nsw-pacl-v63
priority 20
action ALLOW
interface fpPort 1


acl no-nsw-pacl-v63_acl_OUT
stage OUT
aclType IPv6
filterName no-nsw-pacl-v63
priority 20
action ALLOW
interface fpPort 1


acl no-nsw-pacl-v63_acl_OUT111
stage OUT
aclType IPv6
filterName no-nsw-pacl-v63
priority 20
action ALLOW
interface fpPort 1


aclipv6filter no-nsw-pacl-v64
dstIPv6 2a04:f547:41:0:0:0:0:0
dstMaskv6 FFFF:FFFF:2:321:FFFF:FFFF:FFFF:FFFF
exit
acl no-nsw-pacl-v64_acl_IN11
stage IN 
aclType IPv6
filterName no-nsw-pacl-v64
priority 20
action ALLOW
interface fpPort 1
interface vlan 4


acl no-nsw-pacl-v64_acl_OUT1
stage OUT
aclType IPv6
filterName no-nsw-pacl-v64
priority 20
action ALLOW
interface fpPort 1
interface vlan 4
```