Parameter | Description |
|---|
Name | The name of this access control list rule. |
Precedence | Use this parameter to specify the rule precedence to control which ACL rule is applied when multiple rules match a given packet. If an incoming packet matches multiple rules, the IP ACL rule with the highest precedence (lowest numerical precedence value) is applied to that packet. Each IP ACL rule must use a unique precedence value. |
Protocol | Enter IP protocol type for use as a criterion of the IP input match. Choices are 0-255, or one of the following: - any – (default) filter all protocols
- icmp – filter ICMP only
- icmpv6 – filter ICMPv6 only
- ospf – filter OSPF only
- tcp – filter TCP only
- udp – filter UDP only
These protocols are typically associated with particular logical port values. |
IP Interface
Group | The name of a IP interface group to match or "any" to match any IP interface group. |
IP Interface | The name of an IP interface to match, or "any" to match any IP interface. |
Mgmt IP Interface Group | The name of a Management Interface Group. NOTE: The Mgmt IP Interface Group parameter is only available from the Default Address Context, even if the Default Address Context does not contain any other configurations. |
Mgmt IP Interface | The name of a Management IP Interface. NOTE: The Mgmt IP Interface parameter is only available from the Default Address Context, even if the Default Address Context does not contain any other configurations. |
Source IP Address | The source IP address to match. | Note |
|---|
When configuring a Source Ip Address, the Source Address Prefix Length must also be specified. |
|
Source Address
Prefix Length | The length of source IP address prefix which must match the protocol. Must be 0 -
32, default is 0. |
Destination IP Address | The destination IP address (IPV4/IPV6) prefix to match. | Note |
|---|
When configuring a Destination Ip Address, the Destination Address Prefix Length must also be specified. |
|
| Destination Address Prefix Length | Specifies the length of destination IP address prefix. The value ranges from 0 to 128 and the default value is 0. |
Source Port | The IP port value. Must be 0 - 65535, default is any. |
Destination
Port | The IP port value. Must be 0 - 65535, default is any. |
Action | The action to be taken when the IP access control list rule match. - Accept
- Discard
- Unconditional Deny
|
Fill Rate | The number of packets to add to the bucket credit balance (in packets/second). If a packet is received at a rate exceeding this fill rate, it is discarded subjected to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. The bucket credit balance is always less than the configured bucket size regardless of the size of this increment. Must be Range: 1 - 10000, default is 50. |
Bucket Size | The policing bucket size (in packets). It represents a credit balance that should be consumed before the packets are discarded. The consumed credits reside in the bucket and gets reduced for every packet received on the Network Interface (NI). If a packet is received when the credit balance is less than the size of the packet, the packet is discarded subjected to the discard rate set in the IP Policing Alarm profile or in the Policer Alarm monitoring this Media Port. (default is 'unlimited', which allows continuous policing). Must be 2048-65520 Range: 1 -255, default is 50. |
State | It specifies the administrative state of ACL rule. enabled Enabled - disabled Disabled (default)
|
| Vm App Name | Specifies the name of the Virtual Machine application used. |
| Aggregate Policer | Specifies the name of aggregate policer with which this rule is associated. |