filter acl set

Configure an access control list (ACL) filter.

Syntax

Command Parameters

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Identifies the slot and port in one of the following formats:

  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

<1-2048>

Specifies the ACL ID.

control-packet-action <deny | permit
In case of no access control entry (ACE) matches, specifies the action to apply on control packets. The default is permit.
default-action <permit|deny>
Specifies the action to be taken when none of the ACEs match. The options are deny or permit.
Note

Note

To configure the ACL default policer, you must specify permit as the default action.

To configure a control-packet-action, you must specify deny as the default action.

policer
Specifies the default action to be taken to permit or deny the policer. By attaching a policer to an ACL ACE entry, you can limit the bandwidth of an ingress flow for that ACE.
svc-rate <0-4000000000>
Specifies the rate of transfer of traffic which has to be delivered.
peak-rate <8-4000000000>
Specifies the maximum rate of transfer of traffic above which the packets are dropped at ingress.
global-action {monitor-dst-mlt<1-512>|monitor-dst-ports}
Specifies the action to be taken for all access control entry (ACE) matches. The options are: monitor-dst-mlt <1-512>|
monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}.

Default

The default action is deny.

Command Mode

Global Configuration