Use EMA and CLI to add or modify Access Control List rules.

For feature description, refer to IP ACL Policing - Packet Filtering.

Adding/Editing a Rule Using CLI


Note

The Bucket Size value is insignificant if the Fill Rate value is unlimited.

  • The Fill Rate is the maximum rate you expect for the traffic to pass the policer.
  • The Bucket Size is the number of additional packets allowed to pass in a given period if available packets are in the bucket. The credit balance is consumed before the packets are discarded.

If the ACL rules with action = discard, the Fill Rate and the Bucket Size values are irrelevant, and the packets are dropped based on the Type, IP address, or Port.

The Fill Rate and the Bucket Size parameters do not play any role since the policer portion of an ACL is only applicable for the "accept" action and is ignored with the "discard" action since all the packets are already discarded by the criteria.

Use following command to add/edit a rule:

% set addressContext <name> ipAccessControlList...

Mandatory parameters:

  • rule <name>
  • precedence <1-65535>

Non-mandatory parameters (default values are in bold font):

  • action <accept | discard>
  • bucketSize <1-255, or unlimited>
  • destinationAddressPrefixLength <length, 0>
  • destinationIpAddress <IPv4 / IPv6 Address, 0.0.0.0>
  • destinationPort <0-65535, or any>
  • fillRate <1-10000, unlimited>
  • ipInterface <name>
  • ipInterfaceGroup <name>
  • mgmtIpInterface <name>
  • mgmtIpInterfaceGroup <name>
  • protocol <0–255 | any | icmp | icmpv6 | ospf | tcp | udp>
  • sourceAddressPrefixLength <0-128>
  • sourceIpAddress <IPv4 / IPv6 address, 0.0.0.0>
  • sourcePort <0-65535, or any>
  • state <disbled | enabled>

For parameter descriptions, see  IP Access Control List - Cloud - CLI

Adding or Editing a Rule Using EMA

Refer to Security Configuration - IP Access Control List