seq (deny/permit rules in UDAs)
Inserts filtering rules into user-defined ACLs (UDAs).
Syntax
seq seq-value { deny | permit } uda-value-0 mask-0 uda-value-1 mask-1 uda-value-2 mask-2 uda-value-3 mask-3 [ count ] [ log ] [ mirror ] [ copy-sflow ]
{ deny | permit } uda-value-0 mask-0 uda-value-1 mask-1 uda-value-2 mask-2 uda-value-3 mask-3 [ count ] [ log ] [ mirror ] [ copy-sflow ]
no { deny | permit } uda-value-0 mask-0 uda-value-1 mask-1 uda-value-2 mask-2 uda-value-3 mask-3 [ count ] [ log ] [ mirror ] [ copy-sflow ]
Command Default
The concluding, default rule is deny.
Parameters
- seq
- (Optional) Enables you to assign a sequence number to the rule. If you do not specify seq seq-value, the rule is added at the end of the list.
- seq-value
- Valid values range from 1 through 65535.
- deny
- Specifies rules to deny traffic.
- permit
- Specifies rules to permit traffic.
- uda-value-0, uda-value-1, uda-value-2, uda-value-3
- Specifies the hex values with which traffic is matched, at the offsets defined in the UDA profile.
- mask-0, mask-1, mask-2, mask-3
- Specifies hex-value masks for the UDA values.
- count
- Enables statistics for the rule.
- log
- (Not supported for UDAs) Enables inbound logging for the rule.
- mirror
- (Not supported for UDAs) Mirrors packets matching the rule.
- copy-sflow
- (Not supported for UDAs) Sends matching inbound packets to the sFlow collector.
Modes
UDA configuration mode
Usage Guidelines
UDAs are supported only on SLX 9850 devices configured as network packet-brokers (NPBs).
The order of the rules in an ACL is critical, as the first matching rule stops further processing. When creating rules, specifying sequence values determines the order of rule processing. If you do not specify a sequence value, the rule is added to the end of the list.
Traffic not specifically permitted is dropped by a default final deny rule.
To delete a rule from an ACL, do one of the following, as relevant:
- If you know the rule number, enter no seq seq-value.
- If you do not know the rule number, type no followed by the full syntax without seq seq-value.
Examples
The following example creates a UDA and defines a permit rule, with statistics enabled for the rule.
device# configure terminal
device(config)# uda access-list extended uda_01
device(conf-udaacl-ext)# permit 0x00001111 0x0000ffff 0x00002222 0x0000ffff 0x00003333 0x0000ffff 0x00004444 0x0000ffff count
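The first-match ordering and final default deny described under Usage Guidelines can be checked offline before rules are committed. The following Python model is an added illustration, not vendor code: the names Rule, UdaAcl and demo are hypothetical, and it assumes that a mask bit of 1 means the corresponding value bit is compared, which this page does not state.

```python
# Model of first-match UDA rule evaluation (added example, not vendor code).
# Assumption: a mask bit of 1 means "compare this bit"; the page does not say.
from dataclasses import dataclass

@dataclass
class Rule:
    seq: int
    action: str            # "permit" or "deny"
    pairs: tuple           # four (uda-value, mask) pairs
    count: bool = False
    hits: int = 0

class UdaAcl:
    def __init__(self):
        self.rules = []

    def add(self, action, pairs, seq=None, count=False):
        if action not in ("permit", "deny") or len(pairs) != 4:
            raise ValueError("need permit/deny and four value/mask pairs")
        if seq is None:
            # No seq given: the rule is added at the end of the list.
            # The step of 10 is an arbitrary choice of this model.
            seq = (self.rules[-1].seq if self.rules else 0) + 10
        if not 1 <= seq <= 65535:
            raise ValueError("seq-value must be 1 through 65535")
        if any(r.seq == seq for r in self.rules):
            raise ValueError(f"seq {seq} already in use")
        self.rules.append(Rule(seq, action, tuple(pairs), count))
        self.rules.sort(key=lambda r: r.seq)

    def evaluate(self, words):
        """words: four 32-bit values taken at the UDA profile offsets."""
        for r in self.rules:
            if all((w & m) == (v & m) for w, (v, m) in zip(words, r.pairs)):
                if r.count:
                    r.hits += 1
                return r.action, r.seq      # first match stops processing
        return "deny", None                 # concluding default rule

def demo():
    acl = UdaAcl()
    low16 = 0x0000ffff
    page_rule = [(0x00001111, low16), (0x00002222, low16),
                 (0x00003333, low16), (0x00004444, low16)]
    acl.add("permit", page_rule, count=True)      # rule from the page's example
    # Constructed rule: deny when word 0's low byte is 0x11, other words ignored.
    acl.add("deny", [(0x11, 0xff), (0, 0), (0, 0), (0, 0)], seq=5)
    pkt = (0xabcd1111, 0x00002222, 0xffff3333, 0x00004444)  # constructed sample
    return acl, acl.evaluate(pkt), acl.evaluate((0, 0, 0, 0))
```

In demo(), the constructed deny at seq 5 sorts ahead of the page's permit and shadows it, so the permit's counter stays at zero even though the sample packet matches it.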