Configuring ACEs
Use an ACE to define packet attributes and the desired behavior for packets that carry the attribute or list of attributes.
Before you begin
The ACL exists. If you want to use IPv6 filters, you must specify the packet type as IPv6 at the ACL level to enable IPv6 filtering.
About this task
ACLs are by default created in enabled state while ACEs are by default created in disabled state. Use CLI commands to enable an ACE.
Procedure
Variable definitions
Use the data in the following table to use the filter acl ace and the filter acl ace action commands.
Variable |
Value |
---|---|
<acl-id> |
Specifies the ACL ID. Use the CLI Help to see the available range for the switch. |
<ace-id> |
Specifies the ACE ID. Different hardware platforms support different ACE ID ranges. Use the CLI Help to see the available range for the switch. |
<deny|permit> |
Configures the action mode for security ACEs. Note:
For each Security ACE, you must define one or more actions as well as the associated action mode (permit or deny). Otherwise, the security ACE cannot be enabled. There is no default configuration for Security ACEs. With QoS ACE, the action mode is not configurable. QoS ACEs are always set to action mode permit. |
enable |
Enables an ACE within an ACL. After you enable an ACE, to make changes, first disable it. |
name WORD<0-32> |
Specifies an optional descriptive name for the ACE that uses 0–32 characters. |