Configure the access control entry (ACE) action mode as deny or permit.
default filter acl ace action <acl-id> <ace-id> { permit | deny } internal-qos
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt count
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt count redirect-next-hop
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt redirect-next-hop
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt redirect-next-hop unreachable
default filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-ports
default filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop
default filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dot1p
default filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dscp
default filter acl ace action <acl-id> <ace-id> { permit | deny }
default filter acl ace action <acl-id> <ace-id> { permit | deny } count
filter acl ace action <acl-id> <ace-id> { permit | deny }
filter acl ace action <acl-id> <ace-id> { permit | deny } count
filter acl ace action <acl-id> <ace-id> { permit | deny } internal-qos <0-7>
filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt <1-512>
filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-ports {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45>
filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dot1p <0-7>
filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dscp <0-256 | 0-256>
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45> [count | unreachable | vrf {WORD <1-16>}]
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45> unreachable { permit | deny }
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45> unreachable { permit | deny } count
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45> vrf WORD <1-16> unreachable { permit | deny }
filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop WORD<1-45> vrf WORD <1-16> unreachable { permit | deny } count
no filter acl ace action <acl-id> <ace-id> { permit | deny }
no filter acl ace action <acl-id> <ace-id> { permit | deny } count
no filter acl ace action <acl-id> <ace-id> { permit | deny } internal-qos
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt count
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt count [log [redirect-next-hop]]
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt count redirect-next-hop
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt log
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt log redirect-next-hop
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-mlt redirect-next-hop
no filter acl ace action <acl-id> <ace-id> { permit | deny } monitor-dst-ports
no filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dscp
no filter acl ace action <acl-id> <ace-id> { permit | deny } redirect-next-hop
no filter acl ace action <acl-id> <ace-id> { permit | deny } remark-dot1p
Specifies the ACE ID. Different hardware platforms support different ACE ID ranges. Use the CLI Help to see the available range for the switch.
Specifies the ACL ID. Use the CLI Help to see the available range for the switch.
Note
For each Security ACE, you must define one or more actions as well as the associated action mode (permit or deny). Otherwise, the security ACE cannot be enabled. There is no default configuration for Security ACEs.
With QoS ACEs, the action mode is not configurable. QoS ACEs are always set to action mode permit.
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
phbcs0
phbcs1
phbaf11
phbaf12
phbaf13
phbcs2
phbaf21
phbaf22
phbaf23
phbcs3
phbaf31
phbaf32
phbaf33
phbcs4
phbaf41
phbaf42
phbaf43
phbcs5
phbef
phbcs6
phbcs7
The default to configure ACE actions to meter flows after a packet matches an ACE is disabled.
Global Configuration
DEMO FEATURE - Policy Based Routing (Redirect Next Hop) per VRF is a demonstration feature on some products. Demonstration features are provided for testing purposes. Demonstration features are for lab use only and are not for use in a production environment. For more information on feature support, see Fabric Engine and VOSS Feature Support Matrix.