Action Modifiers

Additional actions can also be specified, independent of whether the packet is dropped or forwarded. These additional actions are called action modifiers. Not all action modifiers are available on all switches, and not all are available for both ingress and egress ACLs. The action modifiers are:
  • class-id value 0-4095—Signifies that the rule will be installed in the LOOKUP stage access-list resource. Class-id range varies from platform to platform.
  • count countername—Increments the counter named in the action modifier.
    Note

    Note

    The clearflow counters work when the ACL is applied to a VLAN, but not if applied to a port or wildcard.
    • ingress—all platforms
    • egress—ExtremeSwitching and Summit X450-G2, X460-G2, X670-G2, X770, X440-G2, X590, X620, X690, X870 series switches only. On egress, count does not work in combination with deny action.
    Note

    Note

    On egress, count does not work in combination with deny action in some platforms
  • add-vlan-id—Adds a new outer VLAN (Virtual LAN) id. If the packet is untagged it will add a vlan tag to the packet. If the packet is tagged, it will add additional VLAN tag. Only supported in VLAN Lookup stage (VFP).
  • byte-count byte counter name—Increments the byte counter named in the action modifier
  • packet-count packet counter name—Increments the packet counter named in the action modifier.
  • log—Logs the packet header.
  • log-raw—Logs the packet header in hex format.
  • meter metername—Takes action depending on the traffic rate. (Ingress and egress meters are supported on the platforms listed for these features in the ExtremeXOS 22.7 Feature License Requirements document.
  • mirror—Rules that contain mirror as an action modifier will use a separate slice.
  • mirror-cpu—Mirrors a copy of the packet to the CPU in order to log it. It is supported only in ingress.
  • qosprofile qosprofilename—Forwards the packet to the specified QoS (Quality of Service) profile.
    • ingress—all platforms
    • egress—does not forward the packets to the specified qosprofile. If the action modifier “replace-dot1p” is present in the ACL rule, the dot1p field in the packet is replaced with the value from associated qosprofile. ExtremeSwitching and Summit X460-G2, X670-G2, X770, X590, X690, X870 series switches only.
  • redirect ipv4 addr—Forwards the packet to the specified IPv4 address.
  • redirect-no-replace-l2-sa IP nexthop address—Forwards the packet to the specified IPv4 address without changing the source MAC address. Only apply to “L3 routable” traffic. Layer-2 traffic is not subject to matching.
  • redirect-port port—Overrides the forwarding decision and changes the egress port used. If the specified port is part of a load share group then this action will apply the load sharing algorithm.
  • redirect-port-list port_list—Supports multiple redirect ports as arguments. When used in an ACL, matching packets are now redirected to multiple ports as specified in the ACL while overriding the default forwarding decision. Maximum number of ports that can be mentioned in this list is 64. (ExtremeSwitching and Summit X450-G2, X460-G2, X670-G2, X770, X440-G2, X590, X620, X690, X870.)
  • redirect-port-no-sharing port—Overrides the forwarding decision and changes the egress port used. If the specified port is part of a load share group then this action overrides the load sharing algorithm and directs matching packets to only this port.
  • redirect-name name—Specifies the name of the flow-redirect that must be used to redirect matching traffic.
  • redirect-vlan—Redirects the traffic to all ports in the matching VLAN. With L3 unicast routing, floods on the egress VLAN members.
  • replace-dscp—Replaces the packet‘s DSCP field with the value from the associated QoS profile.
    • ingress
    • egress—ExtremeSwitching and Summit X450-G2, X460-G2, X670-G2, X770, X440-G2, X590, X620, X690, X870 series switches only
  • replace-dot1p—Replaces the packet‘s 802.1p field with the value from the associated QoS profile.
    • ingress
    • egress
  • replace-dot1p-value value—Replaces the packet's 802.1p field with the value specified without affecting the QoS profile assignment.
    • ingress
    • egress
  • replace-ethernet-destination-address mac-address—Replaces the packet's destination MAC address; this is applicable only to layer-2 forwarded traffic.
  • replace-vlan-id —Replaces an outer VLAN ID in a double-tagged packet or a single VLAN tag in a single-tagged packet.
    • ingress
    • egress