Use IP access control entries (ACEs) to filter on the source IP address, destination IP address, DiffServ Code Point (DSCP), protocol, IP options, IP fragmentation parameters, and routed packets.
default filter acl ace ip <acl-id> <ace-id>
filter acl ace ip <acl-id> <ace-id> dscp eq <0-63 | 0-63>
filter acl ace ip <acl-id> <ace-id> dst-ip eq {A.B.C.D}
filter acl ace ip <acl-id> <ace-id> dst-ip mask {A.B.C.D} <0-32>
filter acl ace ip <acl-id> <ace-id> dst-ip mask {A.B.C.D} {A.B.C.D}
filter acl ace ip <acl-id> <ace-id> dst-ip range {A.B.C.D} {A.B.C.D}
filter acl ace ip <acl-id> <ace-id> ip-frag-flag eq { noFragment | anyFragment }
filter acl ace ip <acl-id> <ace-id> ip-options any
filter acl ace ip <acl-id> <ace-id> ip-protocol-type eq WORD<1-256>
filter acl ace ip <acl-id> <ace-id> src-ip eq {A.B.C.D}
filter acl ace ip <acl-id> <ace-id> src-ip mask {A.B.C.D} <0-32>
filter acl ace ip <acl-id> <ace-id> src-ip mask {A.B.C.D} {A.B.C.D}
filter acl ace ip <acl-id> <ace-id> dscp mask <0-63 | 0-63> <0-0x40 | 0x0-0x0>
filter acl ace ip <acl-id> <ace-id> dst-ip eq WORD <1-1024>
filter acl ace ip <acl-id> <ace-id> routed-only
no filter acl ace ip <acl-id> <ace-id> dscp
no filter acl ace ip <acl-id> <ace-id> dst-ip
no filter acl ace ip <acl-id> <ace-id> ip-frag-flag
no filter acl ace ip <acl-id> <ace-id> ip-options
no filter acl ace ip <acl-id> <ace-id> ip-protocol-type
no filter acl ace ip <acl-id> <ace-id> src-ip
no filter acl ace ip <acl-id> <ace-id> routed-only
no filter acl ace ip <acl-id> <ace-id>
Specifies the ACE ID. Different hardware platforms support different ACE ID ranges. Use the CLI Help to see the available range for the switch.
Specifies the ACL ID. Use the CLI Help to see the available range for the switch.
phbcs0
phbcs1
phbaf11
phbaf12
phbaf13
phbcs2
phbaf21
phbaf22
phbaf23
phbcs3
phbaf31
phbaf32
phbaf33
phbcs4
phbaf41
phbaf42
phbaf43
phbcs5
phbcs6
phbef
phbcs7
a.b.c.d
[w.x.y.z-p.q.r.s]
[l.m.n.o/mask]
[a.b.c.d/len]
(1-256)
icmp
tcp
udp
ipsecesp
ipsecah
ospf
vrrp
undefined
a.b.c.d
[w.x.y.z-p.q.r.s]
[l.m.n.o/mask]
[a.b.c.d/len]
None
Global Configuration
The routed-only parameter is not supported for Multicast packets.