ip/access-list

Configures, modifies, or retrieves the Internet Protocol (IP) access list configuration.

Resource URIs

URI Description
<base_URI>/config/running/ip The Internet Protocol configuration.
<base_URI>/config/running/ip/access-list/standard Standard IP ACL configuration.
<base_URI>/config/running/ip/access-list/standard/{ACL-name}/seq Sequence number configuration.
<base_URI>/config/running/ip/access-list/extended Extended IP ACL configuration.
<base_URI>/config/running/ip/access-list/extended/{ACL-name}/seq Sequence number configuration.
GET URIs Description
<base_URI>/config/running/ip/access-list Retrieves IP access list.
<base_URI>/config/running/ip/access-list/standard Retrieves standard IP access list.
<base_URI>/config/running/ip/access-list/standard/{acl-name} Retrieves a standard IP ACL.
<base_URI>/config/running/ip/access-list/extended Retrieves extended IP access list.
<base_URI>/config/running/ip/access-list/extended/{acl-name} Retrieves an extended IP ACL.
POST URIs Payload Description
<base_URI>/config/running/ip/access-list <standard><name>{acl-name}</name></standard> Configures a standard ACL.
<base_URI>/config/running/ip/access-list <extended><name>{acl-name}</name></extended> Configures an extended ACL.
DELETE URIs
<base_URI>/config/running/running/ip/access-list
<base_URI>/config/running/running/ip/access-list/standard
<base_URI>/config/running/running/ip/access-list/standard/{name}
<base_URI>/config/running/running/ip/access-list/standard/{acl-name}/seq/{seq-id}
<base_URI>/config/running/running/ip/access-list/extended
<base_URI>/config/running/running/ip/access-list/extended/{name}
<base_URI>/config/running/running/ip/access-list/extended/{acl-name}/seq/{seq-id}

Parameters

name
Specifies the IPv4 access list name.
seq
Specifies the sequence number.
seq-id
Specifies the sequence number for the rule.
action
Specifies the action to be performed. Supported actions are deny, hard-drop, and permit. Configuring deny drops traffic. Configuring hard-drop force drops traffic. Configuring permit allows traffic.
src-host-any-sip
Specifies any source host IP address.
src-host-ip
Specifies the source host IP address.
src-mask
Configures the source IP address mask.
count
Enables the counting of the packets matching the rule.
log
Packets matching the filter are sent to the CPU and a corresponding log entry is generated by enabling the logging mechanism. This parameter is only available with permit and deny.
protocol-type
The type of protocol used.
dst-host-any-dip
Specifies any destination host IP address.
dst-host-ip
Specifies the destination host IP address.
vlan
Specifies the VLAN interface number.
dscp
Specifies the DSCP field value in IP header when a packet matches a flow.

Usage Guidelines

GET, POST, PUT, PATCH, DELETE, OPTIONS, and HEAD operations are supported.

Examples

URI

The following example uses the GET option to retrieve the access list configurations.

http://host:80/rest/config/running/ip/access-list

None 

<access-list xmlns="urn:brocade.com:mgmt:brocade-ip-access-list" xmlns:y="http://brocade.com/ns/rest" 
y:self="/rest/config/running/ip/access-list">
    <standard y:self="/rest/config/running/ip/access-list/standard/managementtest">
        <name>managementtest</name>
    </standard>
    <standard y:self="/rest/config/running/ip/access-list/standard/stdacl1">
        <name>stdacl1</name>
    </standard>
    <extended y:self="/rest/config/running/ip/access-list/extended/Sachin">
        <name>Sachin</name>
    </extended>
    <extended y:self="/rest/config/running/ip/access-list/extended/extacl1">
        <name>extacl1</name>
    </extended>
    <extended y:self="/rest/config/running/ip/access-list/extended/shipra">
        <name>shipra</name>
    </extended>
    <extended y:self="/rest/config/running/ip/access-list/extended/test1">
        <name>test1</name>
    </extended>
</access-list>

URI

The following example uses the POST option to configure a standard access list.

http://host:80/rest/config/running/ip/access-list 

<standard >
    <name>std10</name>
</standard>

None

URI

The following example uses the DELETE option to remove a standard access list.

http://host:80/rest/config/running/ip/access-list/standard/std10

None

None

9036681-01 Rev AA