Action Modifiers
Additional actions can also be specified, independent of whether the
packet is dropped or forwarded. These additional actions are called action
modifiers. Not all action modifiers are available on all switches, and not
all are available for both ingress and egress ACLs. The action modifiers
are:
- class-id value
0-4095—Signifies that the rule will
be installed in the LOOKUP stage access-list resource.
Class-id range varies from platform to platform.
- count
countername—Increments the counter
named in the action modifier.
- ingress—all platforms
- egress—Summit
X450-G2, X460-G2, X670-G2, X770, and
ExtremeSwitching X440-G2, X870, X620, X690 series
switches only. On egress, count does not work in
combination with deny action.
Note
On egress, count does not
work in combination with deny action in some
platforms
- add-vlan-id—Adds a new outer
VLAN (Virtual LAN)
id. If the packet is untagged it will add a vlan tag to the
packet. If the packet is tagged, it will add additional VLAN
tag. Only supported in VLAN Lookup stage (VFP).
- byte-count byte
counter name—Increments the byte
counter named in the action modifier
- packet-count packet counter name—Increments the
packet counter named in the action modifier.
- log—Logs the packet header.
- log-raw—Logs the packet header in hex
format.
- meter
metername—Takes action depending on
the traffic rate. (Ingress and egress meters are supported
on the platforms listed for these features in the ExtremeXOS 22.3 Feature License Requirements document.
- mirror—Rules that contain mirror as an
action modifier will use a separate slice.
- mirror-cpu—Mirrors a copy of the packet to
the CPU in order to log it. It is supported only in
ingress.
- qosprofile qosprofilename—Forwards the packet
to the specified QoS (Quality of Service)
profile.
- ingress—all platforms
- egress—does not forward the
packets to the specified qosprofile. If the action
modifier “replace-dot1p” is present in the ACL
rule, the dot1p field in the packet is replaced
with the value from associated qosprofile. Summit
X460-G2, X670-G2, X770, and ExtremeSwitching X870,
X690 series switches only.
- redirect ipv4
addr—Forwards the packet to the
specified IPv4 address.
- redirect-no-replace-l2-sa IP nexthop
address—Forwards the packet to the
specified IPv4 address without changing the source MAC
address. Only apply to “L3 routable” traffic. Layer-2
traffic is not subject to matching.
- redirect-port port—Overrides the forwarding
decision and changes the egress port used. If the specified
port is part of a load share group then this action will
apply the load sharing algorithm.
- redirect-port-list
port_list—Supports multiple redirect
ports as arguments. When used in an ACL, matching packets
are now redirected to multiple ports as specified in the ACL
while overriding the default forwarding decision. Maximum
number of ports that can be mentioned in this list is 64.
(Summit X450-G2, X460-G2, X670-G2, X770, and
ExtremeSwitching X440-G2, X870, X620, X690.)
- redirect-port-no-sharing port—Overrides the forwarding decision and
changes the egress port used. If the specified port is part
of a load share group then this action overrides the load
sharing algorithm and directs matching packets to only this
port.
- redirect-name name—Specifies the name of the
flow-redirect that must be used to redirect matching
traffic.
- redirect-vlan—Redirects the traffic to all
ports in the matching VLAN. With L3 unicast routing, floods
on the egress VLAN members.
- replace-dscp—Replaces the packet‘s DSCP
field with the value from the associated QoS profile.
- ingress
- egress—Summit
X450-G2, X460-G2, X670-G2, X770, and
ExtremeSwitching X440-G2, X870, X620, X690 series
switches only
- replace-dot1p—Replaces the packet‘s 802.1p
field with the value from the associated QoS profile.
- replace-dot1p-value value—Replaces the packet's 802.1p field with
the value specified without affecting the QoS profile
assignment.
- replace-ethernet-destination-address mac-address—Replaces the packet's
destination MAC address; this is applicable only to layer-2
forwarded traffic.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB