filter acl set

Configure an access control list (ACL) filter.

Syntax

Command Parameters

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

<acl-id>

Specifies the ACL ID. Use the CLI Help to see the available range for the switch.

default-action <permit|deny>
Specifies the action to be taken when none of the access control entries (ACEs) match. The options are deny or permit.
Note

Note

To configure the ACL default policer, you must specify the permit option.

policer
Specifies the default action to be taken to permit or deny the policer. By attaching a policer to an ACL ACE entry, you can limit the bandwidth of an ingress flow for that ACE.
svc-rate <0-4000000000>
Specifies the rate of transfer of traffic which has to be delivered.
peak-rate <8-4000000000>
Specifies the maximum rate of transfer of traffic above which the packets are dropped at ingress.
global-action {monitor-dst-mlt<1-512>|monitor-dst-ports}
Specifies the action to be taken for all access control entry (ACE) matches. The options are: monitor-dst-mlt <1-512>|
monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...]}.

Default

The default action is deny.

Command Mode

Global Configuration

Usage Guidelines

This command does not apply to all hardware platforms. For more information about feature support, see Fabric Engine and VOSS Feature Support Matrix.