Configure an ACE

Note

Note

DEMO FEATURE - Policy Based Routing (Redirect Next Hop) per VRF is a demonstration feature on some products. Demonstration features are provided for testing purposes. Demonstration features are for lab use only and are not for use in a production environment. For more information, see Fabric Engine and VOSS Feature Support Matrix.

Before you begin

  • The ACL exists.

Procedure

  1. In the navigation pane, expand the Configuration > Security > Data Path folders.
  2. Click Advanced Filters (ACE/ACLs).
  3. Click the ACL tab.
  4. Select the ACL to which to add an ACE.
  5. Click ACE.
  6. Click the ACE Common tab.
  7. Click Insert.
  8. Configure the ACE ID.
  9. Name the ACE.
  10. Choose the mode: deny (drop packets) or permit (forward packets).
  11. Configure the ACE actions as required.
  12. Click Insert.
  13. Configure the ACE attributes as required.
  14. To enable the ACE, in the ACE Common tab, configure AdminState to enable, and then click Apply.
  15. To delete an ACE Common entry, select the entry, and then click Delete.

ACE Common field descriptions

Use the data in the following table to use the ACE Common tab.

Name

Description

AclId

Specifies the ACL ID.

AceId

Specifies the ACE ID.

Name

Specifies a descriptive user-defined name for the ACE. The system automatically assigns a name if you do not type one.

AdminState

Indicates the status of the ACE as enabled or disabled. You can modify an ACE only if you disable it.

OperState

Indicates the current operational state of the ACE.

Mode

Indicates the operating mode for this ACE. Valid options are deny and permit, with deny as the default.

RedirectNextHop

Redirects matching IPv4/IPv6 traffic to IPv4/IPv6 nexthop.

RedirectNextHopVrfname

Specifies the direct next hop VRF name. The name must be in the range of 1 to 16 characters.

RedirectUnreach

Denies or permits packet dropping when the next hop for the packet is unreachable.

The default value is deny.

This action is a security action.

InternalQos

This variable is a QoS action.

The default value is 1.

RemarkDscp

Specifies whether the DSCP parameter marks nonstandard traffic classes and local-use Per-Hop Behavior. The default is disable. Use this option to create a QoS ACE.

RemarkDot1Priority

Specifies whether Dot1 Priority, as described by Layer 2 standards (802.1Q and 802.1p) is enabled. The default is disable. Use this option to create a QoS ACE.