Use this command to create an IP Access Control List (ACL). ACLs are rules that you apply to allow or deny access to hosts or IP addresses.

Syntax   acl-ip-create

name name-string

Specify the name of the ACL.

action permit|deny

Specify the permission of the ACL as either permit or deny.

scope local|fabric

Specify the scope of the ACL.

Specify at least one of the following options:

src-ip ip-address

Specify the source IP address of the ACL.

src-ip-mask netmask

Specify the source IP mask of the ACL.

dst-ip ip-address

Specify the destination IP address of the ACL.

dst-ip-mask netmask

Specify the destination IP mask of the ACL.

Then any of the following options:

proto [tcp|udp|icmp|igmp|ip|icmpv6]

Specify the protocol flag filter of the ACL.

src-port src-port-number

Specify the source port number.

dst-port dst-port-number

Specify the destination port number.

vnet vnet-name

Specify the name of the vNET.

bd bridge-domain name

Specify the domain name of the bridge.

vlan vlan-id

Specify the VLAN to apply the ACL to. This is a numeric value between 0 and 4095.

port port-number

If the scope is local, specify the switch port of the ACL.

Defaults   None

Access   CLI


Version 1.2.1

Command introduced.

Version 2.4

The option igmp was added to the protocol parameter.

Version 2.4.1

The parameter vnet was added.

Usage   IP ACLs can be used to filter network traffic. Use this command to create a new IP ACL.

Informational Note:  The source or destination IP address/mask of means any address.
The source or destination IP address/mask of is the same as “host”.

Examples  This example shows how to create a fabric-wide ACL named MyWebACL allowing HTTP traffic (port 80) from any host to the web server with IP address

CLI (network-admin@switch) > acl-ip-create name MyWebACL action permit scope fabric src-ip src-ip-mask dst-ip dst-ip-mask proto tcp src-port 80 dst-port 80
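
The following is an added example, not part of the original reference or the vendor's tooling: a small pre-change linter that checks an acl-ip-create command line against the syntax listed above before it is pushed to a switch. The function name, the sample addresses, and two rules are assumptions: that addresses and masks are written as IP literals, and that port is only given with scope local.

```python
import ipaddress

# Grammar copied from the syntax listing on this page.
REQUIRED = ("name", "action", "scope")
ADDRESS_OPTS = ("src-ip", "src-ip-mask", "dst-ip", "dst-ip-mask")
OPTIONAL = ("proto", "src-port", "dst-port", "vnet", "bd", "vlan", "port")
CHOICES = {"action": ("permit", "deny"), "scope": ("local", "fabric"),
           "proto": ("tcp", "udp", "icmp", "igmp", "ip", "icmpv6")}
KNOWN = set(REQUIRED + ADDRESS_OPTS + OPTIONAL)

def lint_acl_ip_create(command):
    """Return a list of problems found in one acl-ip-create command line."""
    tokens = command.split()
    if not tokens or tokens[0] != "acl-ip-create":
        return ["command is not acl-ip-create"]
    problems, args, i = [], {}, 1
    while i < len(tokens):
        key = tokens[i]
        # A keyword directly followed by another keyword has lost its value.
        has_value = i + 1 < len(tokens) and tokens[i + 1] not in KNOWN
        if key not in KNOWN:
            problems.append(f"unknown keyword: {key}")
        elif not has_value:
            problems.append(f"missing value for {key}")
        else:
            args[key] = tokens[i + 1]
        i += 2 if has_value else 1
    problems += [f"missing required option: {k}" for k in REQUIRED if k not in args]
    if not any(k in args for k in ADDRESS_OPTS):
        problems.append("need at least one of: " + ", ".join(ADDRESS_OPTS))
    for key, allowed in CHOICES.items():
        if key in args and args[key] not in allowed:
            problems.append(f"{key} must be one of: " + "|".join(allowed))
    for key in (k for k in ADDRESS_OPTS if k in args):  # assumes IP literals
        try:
            ipaddress.ip_address(args[key])
        except ValueError:
            problems.append(f"{key} is not a valid address or mask: {args[key]}")
    vlan = args.get("vlan")
    if vlan is not None and not (vlan.isdigit() and int(vlan) <= 4095):
        problems.append("vlan must be a number between 0 and 4095")
    if "port" in args and args.get("scope") != "local":  # assumption, see lead-in
        problems.append("port given but scope is not local")
    return problems

# Constructed sample commands (addresses are documentation ranges).
GOOD = ("acl-ip-create name MyWebACL action permit scope fabric "
        "dst-ip 198.51.100.10 dst-ip-mask 255.255.255.255 proto tcp dst-port 80")
BAD = ("acl-ip-create name MyWebACL action allow scope fabric "
       "dst-ip 198.51.100.300 prot tcp vlan 5000 port 12")
```

Calling lint_acl_ip_create(GOOD) returns an empty list, while BAD yields one message per defect, which makes the function usable as a gate in a change-review script.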