/system/acls/{name},{list_type}/cfg_aces

post

https://switch-ip/rest/v10.08/system/acls/{name},{list_type}/cfg_aces

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Path Params

name

string

required

Reference Resource: ACL
Name of an Access Control List.

list_type

string

enum

required

Reference Resource: ACL
Type of an Access Control List.

Allowed:

Body Params

src_ip_group

string

Reference Resource: ACL_Object_Group
Source IP address group matching attribute. This attribute is mutually exclusive with the source IP address attribute. If src_ip_group is configured, src_ip will be ignored. The referenced object group must be of type 'ipv4' or 'ipv6'.

log

boolean

ACE attribute log action: when true, log information for packets that match this ACL.

vlan

integer

0 to 4095

VLAN-ID matching attribute.

ecn

integer

0 to 3

Explicit Congestion Notification matching attribute.

tcp_cwr

boolean

TCP CWR flag matching attribute.

ethertype

integer

0 to 65535

Ethernet type matching attribute.

fragment

boolean

Fragment matching attribute.

src_ip

string

length ≤ 100

Source IP matching attribute: If no IP address is specified, the ACL Entry will not match on source IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D | A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D | A:B::C:D/W:X::Y:Z)

action

string

enum

'permit': packets will be forwarded 'deny': packets will be dropped ACE will only be activated when an associated action is provided

Allowed:

src_mac

string

length ≤ 29

Source MAC matching attribute: Format (AAAA.BBBB.CCCC | AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ)

pcp

integer

0 to 7

Priority Code Point matching attribute.

ttl

integer

0 to 255

Time-to-live matching attribute.

src_l4_port_group

string

Reference Resource: ACL_Object_Group
IP source port group matching attribute. This attribute is mutually exclusive to the src_l4_port_min, src_l4_port_max, and src_l4_port_range_reverse attributes. If this attribute is configured, the src_l4_port_min, src_l4_port_max, and src_l4_port_range_reverse attributes will be ignored. The referenced object group must be of type 'l4port'.

dst_ip_group

string

Reference Resource: ACL_Object_Group
Destination IP address group matching attribute. This attribute is mutually exclusive with the destination IP address attribute. If dst_ip_group is configured, dst_ip will be ignored. The referenced object group must be of type 'ipv4' or 'ipv6'.

count

boolean

ACE attribute count action: when true, increment hit count for packets that match this ACL.

tcp_ece

boolean

TCP ECE flag matching attribute.

sequence_number

integer

required

Reference Resource: ACL_Entry
ACL entries as configured by the user.

tcp_ack

boolean

TCP ACK flag matching attribute.

dst_mac

string

length ≤ 29

Destination MAC matching attribute: Format (AAAA.BBBB.CCCC | AAAA.BBBB.CCCC/XXXX.YYYY.ZZZZ)

comment

string

length ≤ 256

Comment associated with the ACE

dst_l4_port_max

integer

0 to 65535

Maximum IP destination port matching attribute: Used in conjunction with dst_l4_port_min and dst_l4_port_range_reverse.

icmp_code

integer

0 to 255

ICMP code matching attribute.

protocol

integer

0 to 255

IPv4 protocol matching attribute.

dscp

integer

0 to 63

Differentiated Services Code Point matching attribute.

tos

integer

0 to 31

IP Type of Service value matching attribute.

dst_l4_port_min

integer

0 to 65535

Minimum IP destination port matching attribute: Used in conjunction with dst_l4_port_max and dst_l4_port_range_reverse.

tcp_rst

boolean

TCP RST flag matching attribute.

tcp_established

boolean

TCP Established state (ACK or RST flag is set).

src_l4_port_min

integer

0 to 65535

Minimum L4 port to match on the packet.

src_l4_port_max

integer

0 to 65535

Maximum L4 port to match on the packet.

ip_precedence

integer

0 to 7

IP Precedence matching attribute.

dst_ip

string

length ≤ 100

Destination IP matching attribute: If no IP address is specified, the ACL Entry will not match on destination IP address. The following IPv4 and IPv6 address formats are accepted. IPv4 format (A.B.C.D | A.B.C.D/W.X.Y.Z) IPv6 format (A:B::C:D | A:B::C:D/W:X::Y:Z)

tcp_urg

boolean

TCP URG flag matching attribute.

tcp_syn

boolean

TCP SYN flag matching attribute.

tcp_fin

boolean

TCP FIN flag matching attribute.

icmp_type

integer

0 to 255

ICMP type matching attribute.

tcp_psh

boolean

TCP PSH flag matching attribute.

dst_l4_port_group

string

Reference Resource: ACL_Object_Group
IP destination port group matching attribute. This attribute is mutually exclusive to the dst_l4_port_min, dst_l4_port_max, and dst_l4_port_range_reverse attributes. If this attribute is configured, the dst_l4_port_min, dst_l4_port_max, and dst_l4_port_range_reverse attributes will be ignored. The referenced object group must be of type 'l4port'.

Responses

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

500

Internal Server Error

501

Not Implemented

503

Service Unavailable

Language

Loading…