overlay access-list type vxlan extended

Creates an overlay VXLAN extended ACL for deep inspection.

Syntax

overlay access-list type vxlan extended acl-name
no overlay access-list type vxlan extended acl-name

Command Default

No overlay VXLAN extended ACL is defined.

Parameters

acl-name
Specifies the overlay ACL name.

Modes

Global configuration mode

Usage Guidelines

Overlay ACLs are not supported for SLX 9150 or SLX 9250 devices.

Extended ACLs enable you to configure VXLAN tunnel endpoints (VTEP source and destination IP), VNI and VNI IP range, inner source and destination IP and networks, and inner source and destination ports.

To delete an overlay VXLAN extended ACL, use the no form of this command .

Examples

The following example creates an overlay VXLAN extended ACL and then defines a permit rule. 

device# configure terminal
device(config)# overlay access-list type vxlan extended ovr_vxl_ext
device(conf-overlayacl-ext-vxlan)# seq 10 permit dst-vtep-ip any src-vtep-ip 20.1.1.100 vni 50 native tag none dst-ip 100.1.1.1 src-ip any dst-port 5555 src-port 6666 count mirror ethernet 1/4
9036689-01 Rev AA