Use EMA and CLI to add or modify Access Control List rules.
For feature description, refer to IP ACL Policing - Packet Filtering.
Adding/Editing a Rule Using CLI
The Bucket Size value is insignificant if the Fill Rate value is unlimited. For ACL rules with action = discard, the Fill Rate and Bucket Size values are irrelevant, and packets are dropped based on the Type, IP address, or Port. The policer portion of an ACL applies only to the "accept" action and is ignored for the "discard" action, because all packets matching the criteria are already discarded.
Use the following command to add/edit a rule:
% set addressContext <name> ipAccessControlList...
Mandatory parameters:
- rule <name>
- precedence <1-65535>
Non-mandatory parameters (default values are in bold font):
- action <accept | discard>
- bucketSize <1-255, or unlimited>
- destinationAddressPrefixLength <length, 0>
- destinationIpAddress <IPv4 / IPv6 Address, 0.0.0.0>
- destinationPort <0-65535, or any>
- fillRate <1-10000, unlimited>
- ipInterface <name>
- ipInterfaceGroup <name>
- mgmtIpInterface <name>
- mgmtIpInterfaceGroup <name>
- protocol <0–255 | any | icmp | icmpv6 | ospf | tcp | udp>
- sourceAddressPrefixLength <0-128>
- sourceIpAddress <IPv4 / IPv6 address, 0.0.0.0>
- sourcePort <0-65535, or any>
- state <disabled | enabled>
For parameter descriptions, see IP Access Control List - Cloud - CLI
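As an added example (not part of the original documentation or the product's own tooling), the following Python code checks rule definitions against the ranges listed above and flags policer settings that, per the note at the top of this section, have no effect. The dictionary layout, the function names, and the sample rules are assumptions constructed for illustration.

```python
# Added example: lint ACL rules against the ranges listed on this page.
# The dict layout and the sample rules are constructed for illustration.
RANGES = {  # inclusive integer ranges from the parameter list
    "precedence": (1, 65535), "bucketSize": (1, 255),
    "fillRate": (1, 10000), "destinationPort": (0, 65535),
    "sourcePort": (0, 65535), "sourceAddressPrefixLength": (0, 128),
}
KEYWORDS = {  # keyword values the page allows for the same parameters
    "bucketSize": {"unlimited"}, "fillRate": {"unlimited"},
    "destinationPort": {"any"}, "sourcePort": {"any"},
}


def lint_rule(rule):
    """Return a list of findings for one rule (hypothetical dict layout)."""
    findings = [f"missing mandatory parameter: {k}"
                for k in ("name", "precedence") if k not in rule]
    for key, (low, high) in RANGES.items():
        value = rule.get(key)
        if value is None or value in KEYWORDS.get(key, ()):
            continue
        if (isinstance(value, bool) or not isinstance(value, int)
                or not low <= value <= high):
            findings.append(f"{key}={value!r} outside {low}-{high}")
    action = rule.get("action")
    if action not in (None, "accept", "discard"):
        findings.append(f"action={action!r} is not accept or discard")
    policer = [k for k in ("fillRate", "bucketSize") if k in rule]
    if action == "discard" and policer:
        # The policer applies only to "accept"; these values are ignored.
        findings.append("discard rule: " + ", ".join(policer) + " ignored")
    elif (rule.get("fillRate") == "unlimited"
          and rule.get("bucketSize", "unlimited") != "unlimited"):
        findings.append("fillRate unlimited: bucketSize has no effect")
    return findings


SAMPLE_RULES = [  # constructed sample data, not real configuration
    {"name": "ssh-mgmt", "precedence": 100, "action": "accept",
     "protocol": "tcp", "destinationPort": 22, "fillRate": 50, "bucketSize": 50},
    {"name": "drop-telnet", "precedence": 200, "action": "discard",
     "destinationPort": 23, "fillRate": 10, "bucketSize": 10},
    {"name": "bad", "precedence": 70000, "action": "accept",
     "fillRate": "unlimited", "bucketSize": 300},
]


def audit(rules):
    """Map each rule name to its findings; an empty list means clean."""
    return {r.get("name", "<unnamed>"): lint_rule(r) for r in rules}
```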
Adding or Editing a Rule Using EMA
Refer to Security Configuration - Ip Access Control List