/system/acls/{ACL.name},{ACL.list_type}/cfg_aces

post

https://switch-ip/rest/v10.16/system/acls/{ACL.name},{ACL.list_type}/cfg_aces

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Path Params

ACL.name

string

required

Reference Resource: ACL
Name of an Access Control List.

ACL.list_type

string

enum

required

Reference Resource: ACL
Type of an Access Control List.

Allowed:

Body Params

action

string

enum

'permit': packets will be forwarded 'deny': packets will be dropped ACE will only be activated when an associated action is provided. An empty column value indicates that this qualifier will not be used to match packets.

Allowed:

comment

string

length ≤ 256

Comment associated with the ACE. This column value can be empty.

count

boolean

ACE attribute count action: when true, increment hit count for packets that match this ACL.

dscp

integer

0 to 63

Differentiated Services Code Point matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

dst_ip

string

length between 7 and 79

Destination IP matching attribute: If no IP address is specified, the ACL Entry will not match on destination IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D/W:X::Y:Z) If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets.

dst_ip_group

string

Reference Resource: ACL_Object_Group
Destination IP address group matching attribute. This attribute is mutually exclusive with the destination IP address attribute. If dst_ip_group is configured, dst_ip will be ignored. The referenced object group must be of type 'ipv4' or 'ipv6'. An empty column value indicates that this qualifier will not be used to match packets.

dst_l4_port_group

string

Reference Resource: ACL_Object_Group
IP destination port group matching attribute. This attribute is mutually exclusive to the dst_l4_port_min, dst_l4_port_max, and dst_l4_port_range_reverse attributes. If this attribute is configured, the dst_l4_port_min, dst_l4_port_max, and dst_l4_port_range_reverse attributes will be ignored. The referenced object group must be of type 'l4port'. An empty column value indicates that this qualifier will not be used to match packets.

dst_l4_port_max

integer

0 to 65535

Maximum IP destination port matching attribute: Used in conjunction with dst_l4_port_min and dst_l4_port_range_reverse. An empty column value indicates that this qualifier will not be used to match packets.

dst_l4_port_min

integer

0 to 65535

Minimum IP destination port matching attribute: Used in conjunction with dst_l4_port_max and dst_l4_port_range_reverse. An empty column value indicates that this qualifier will not be used to match packets.

dst_mac

string

length between 1 and 29

Destination MAC matching attribute: AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets.

ecn

integer

0 to 3

Explicit Congestion Notification matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

ethertype

integer

0 to 65535

Ethernet type matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

fragment

boolean

Fragment matching attribute.

icmp_code

integer

0 to 255

ICMP code matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

icmp_type

integer

0 to 255

ICMP type matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

ip_precedence

integer

0 to 7

IP Precedence matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

log

boolean

ACE attribute log action: when true, log information for packets that match this ACL.

pcp

integer

0 to 7

Priority Code Point matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

protocol

integer

0 to 255

IPv4 protocol matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

sequence_number

integer

required

Reference Resource: ACL_Entry
ACL entries as configured by the user. An empty column value indicates that no match criteria is specified for this list.

src_ip

string

length between 7 and 79

Source IP matching attribute: If no IP address is specified, the ACL Entry will not match on source IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D/W:X::Y:Z) If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets.

src_ip_group

string

Reference Resource: ACL_Object_Group
Source IP address group matching attribute. This attribute is mutually exclusive with the source IP address attribute. If src_ip_group is configured, src_ip will be ignored. The referenced object group must be of type 'ipv4' or 'ipv6'. An empty column value indicates that this qualifier will not be used to match packets.

src_l4_port_group

string

Reference Resource: ACL_Object_Group
IP source port group matching attribute. This attribute is mutually exclusive to the src_l4_port_min, src_l4_port_max, and src_l4_port_range_reverse attributes. If this attribute is configured, the src_l4_port_min, src_l4_port_max, and src_l4_port_range_reverse attributes will be ignored. The referenced object group must be of type 'l4port'. An empty column value indicates that this qualifier will not be used to match packets.

src_l4_port_max

integer

0 to 65535

Maximum L4 port to match on the packet. An empty column value indicates that this qualifier will not be used to match packets.

src_l4_port_min

integer

0 to 65535

Minimum L4 port to match on the packet. An empty column value indicates that this qualifier will not be used to match packets.

src_mac

string

length between 1 and 29

Source MAC matching attribute: AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ If an invalid format is used via REST, it will be accepted. Verify configurations are valid by checking for error log messages and configuration warnings in CLI. An empty column value indicates that this qualifier will not be used to match packets.

tcp_ack

boolean

TCP ACK flag matching attribute.

tcp_cwr

boolean

TCP CWR flag matching attribute.

tcp_ece

boolean

TCP ECE flag matching attribute.

tcp_established

boolean

TCP Established state (ACK or RST flag is set).

tcp_fin

boolean

TCP FIN flag matching attribute.

tcp_psh

boolean

TCP PSH flag matching attribute.

tcp_rst

boolean

TCP RST flag matching attribute.

tcp_syn

boolean

TCP SYN flag matching attribute.

tcp_urg

boolean

TCP URG flag matching attribute.

tos

integer

0 to 31

IP Type of Service value matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

ttl

integer

0 to 255

Time-to-live matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

vlan

integer

1 to 4094

VLAN-ID matching attribute. An empty column value indicates that this qualifier will not be used to match packets.

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Loading…

Response

Click Try It! to start a request and see the response here!