acl-ip

Print Page		Document Feedback		Support & Services		Pluribus Networks		LinkedIn		Facebook		Twitter

acl-ip-create

Use this command to create an IP address for an Access Control List (ACL). ACLs are rules that you apply to allow or deny access to hosts or IP addresses.

Syntax acl-ip-create

name name-string	Specify the name of the ACL.
action permit \| deny	Specify the permission of the ACL as either permit or deny.
scope local\|fabric	Specify the scope of the ACL.
Specify at least one of the following options:
src-ip ip-address	Specify the source IP address of the ACL.
src-ip-mask netmask	Specify the source IP mask of the ACL.
dst-ip ip-address	Specify the destination IP address of the ACL.
dst-ip-mask netmask	Specify the destination IP mask of the ACL.
Then any of the following options:
proto [tcp\|udp\|icmp\|igmp\|ip\|icmpv6	Specify the protocol flag filter of the ACL.
src-port src-port-number	Specify the source port number.
dst-port dst-port-number	Specify the destination port number
vnet vnet-name	Specify the name of the VNET.
bd bridge-domain name	Specify the domain name of the bridge.
vlan vlan-id	Specify the VLAN to apply the ACL. This is a numeric value between 0 and 4095.
port port-number	If the scope is local, Specify the switch port of the ACL.

Defaults None

Access CLI

History

Version 1.2.	Command introduced.
Version 2.4	The option, igmp, added to the parameter, protocol.
Version 2.4.1	The parameter, vnet, added.

Usage IP ACLs can be used to filter network traffic. Use this command to create a new IP ACL.

Informational Note: The source or destination IP address/mask of 0.0.0.0/255.255.255.255 means any address.
The source or destination IP address/mask of 208.74.182.229/0.0.0.0 is the same as “host 208.74.182.229”.

Examples This example shows how to create a fabric-wide ACL named MyWebACL allowing HTTP traffic (port 80) from any host to the web server with IP address 208.74.182.229.

CLI network-admin@switch > ip-acl-create name MyWebACL action permit scope fabric src-ip 0.0.0.0 src-msk 255.255.255.255 dst-ip 208.74.182.229 dst-msk 0.0.0.0 prot tcp src-port 80 dst-port 80

acl-ip-delete

Use this command to delete an ACL from the network configuration.

Syntax acl-ip-delete name name-string id

name name-string	Specify the name of the ACL.
id	Specify the identifier assigned to the ACL.

Defaults None

Access CLI

History Command introduced in nvOS Version 1.2.1.

Usage Deletes an ACL from the existing network configuration.

Examples To delete the ACL, net-traffic, use the following command:

CLI network-admin@switch > acl-ip-delete net-traffic

acl-ip-modify

This command allows you to change an existing ACL rule on the switch.

Syntax acl-ip-modify

name name-string	Specifies the name of the ACL.
id id	Specifies the ID assigned by ONVL to the ACL.
The following parameter is optional:
action permit \| deny	Specifies the permission of the ACL to be either permit or deny.
src-ip ip-address	Specifies the source IP address of the ACL.
src-ip-mask netmask	Specifies the source IP mask of the ACL.
dst-ip ip-address	Specifies the destination IP address of the ACL.
dst-ip-mask netmask	Specifies the destination IP mask of the ACL.
Then any of the following options:
proto [tcp\|udp\|icmp\| igmp\|ip\|icmpv6]	Specifies the protocol flag filter of the ACL.
src-port src-port-number	Specifies the source port number.
dst-port dst-port-number	Specifies the destination port number
vnet vnet-name	Specify the name of the VNET.
bd bridge-domain name	Specify the domain name of the bridge.
vlan vlan-id	Specifies the VLAN to apply the ACL. This is a numeric value between 0-4095.
port port-number]	If the scope is local, specifies the switch port of the ACL.

Defaults None.

Access network-admin

History

Version 1.2	Command introduced.
Version 2.3.0	Added the parameters to modify the ACL.
Version 2.4	The option, igmp, added to the parameter, protocol.
Version 2.4.1	The parameter, vnet, added.

Usage Use this command to modify an existing IP ACL.

Examples To modify the ACL, net-traffic, from deny to permit, use the following command:

CLI network-admin@switch > acl-ip-modify net-traffic action permit

acl-ip-show

Use this command to display information about ACLs configured on the switch.

Syntax acl-ip-show

name name-string	Specifies the name of the ACL.
id	Species the ID assigned to the ACL.
action permit \| deny	Specifies the permission of the ACL to be either permit or deny.
scope local\|fabric	Specifies the scope of the ACL.
src-ip ip-address	Specifies the source IP address of the ACL.
src-ip-mask netmask	Specifies the source IP mask of the ACL.
dst-ip ip-address	Specifies the destination IP address of the ACL.
dst-ip-mask netmask	Specifies the destination IP mask of the ACL.
protocol [tcp\|udp\|icmp\|igmp\|ip\|icmpv6	Specifies the protocol flag filter of the ACL.
src-port src-port-number]	Specifies the source port number.
dst-port dst-port-number	Specifies the destination port number
vnet vnet-name	Specify the name of the VNET.
bd bridge-domain name	Specify the bridge domain name assigned to the ACL.
vlan vlan-id	Specifies the VLAN (0-4095) to apply the ACL.
port port-number	If the scope is local, specifies the switch port of the ACL.

Defaults None

Access CLI

History

Version 1.2	Command introduced.
Version 2.3.0	Added the parameters to modify the ACL.
Version 2.4	The option, igmp, added to the parameter, protocol.
Version 2.4.1	The parameter, vnet, added.

Usage Displays the list of IP ACLS in the configuration. .

Examples This example shows how to display all IP ACLs.

CLI network-admin@switch > acl-ip-show

name id action prot sip smsk sprt dip dmsk dprt vlan scope unit slot port

test1 54147812341841995 deny udp 192.192.100.100 0.0.0.0 20 192.168.1.100

0.0.0.0 40 0 local 0 0 0

test2 54147812341841996 deny udp 192.192.100.100 0.255.255.255 20

192.168.1.100 0.0.255.255 40 0 local 0 0 0