Configure Global and Default Actions for an ACL
Configure the default action to specify packet treatment if a packet does not match an ACE.
Configure the global action to specify packet treatment if a packet does match an ACE. You can only configure the global action for ingress ACLs.
Before you begin
Ensure that the ACL exists.
Procedure
Variable Definitions
The following table defines parameters for the filter acl set commands.
Variable |
Value |
---|---|
<1-2048> |
Specifies the ACL ID. |
control-packet-action <deny | permit> |
Specifies the action to apply on control packets when none of the ACEs match. The default is permit. To use this optional parameter, you must configure the default-action to deny. |
default-action <permit | deny> |
Specifies the default action to take when none of the ACEs match. Options are <permit | deny>. The default is permit. |
monitor-dst-mlt <1–512> |
Configures mirroring to a destination MLT in the range of 1 to 512. |
monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]} |
Specifies the global action to take for matching ACEs:
Identifies the
slot and port in one of the following formats:
|
policer svc-rate <0-4000000000> peak-rate <8-4000000000> Note:
Exception: only supported on VSP 4900 Series and VSP 7400 Series. |
Specifies the policer for filter with service rate and peak transfer rate of packets. The service rate value specifies the rate of traffic committed to be delivered. Packets above the specified peak rate value are dropped on ingress. To use this optional parameter, you must configure the default-action to permit. |