Acl cli reference

clear acl-plugin sessions

clear acl-plugin sessions

Declaration: aclplugin_clear_command src/plugins/acl/acl.c line 3749

Implementation: acl_clear_aclplugin_fn

delete acl-plugin acl

delete acl-plugin acl index <idx>

Delete an Access Control List (ACL): Removes an ACL at the specified index, which must exist but not in use by any interface.

delete acl-plugin acl index <idx>

Declaration: aclplugin_delete_acl_command src/plugins/acl/acl.c line 3838

Implementation: acl_delete_aclplugin_acl_fn

delete acl-plugin macip acl

delete acl-plugin macip acl index <idx>

Delete a MACIP Access Control List (ACL): Removes an MACIP ACL at the specified index, which must exist but not in use by any interface.

delete acl-plugin macip acl index <idx>

Declaration: aclplugin_macip_delete_acl_command src/plugins/acl/acl.c line 3852

Implementation: acl_macip_delete_aclplugin_acl_fn

set acl-plugin

set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>

Declaration: aclplugin_set_command src/plugins/acl/acl.c line 3683

Implementation: acl_set_aclplugin_fn

set acl-plugin acl

set acl-plugin acl [index <idx>] <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> [proto X] [sport X[-Y]] [dport X[-Y]] [tcpflags <int> mask <int>] [tag FOO] {use comma separated list for multiple rules}

Create an Access Control List (ACL)

If index is not specified, a new one will be created. Otherwise, replace the one at this index.

An ACL is composed of more than one Access control element (ACE). Multiple ACEs can be specified with this command using a comma separated list.

Each ACE describes a tuple of src+dst IP prefix, ip protocol, src+dst port ranges. (the ACL plugin also support ICMP types/codes instead of UDP/TCP ports, but this CLI does not).

An ACL can optionally be assigned a 'tag' - which is an identifier understood by the client. VPP does not examine it in any way.

set acl-plugin acl <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> tcpflags <X> mask <X> [tag FOO]

Declaration: aclplugin_set_acl_command src/plugins/acl/acl.c line 3789

Implementation: acl_set_aclplugin_acl_fn

set acl-plugin interface

set acl-plugin interface <interface> <input|output> <acl INDEX> [del]

[un]Apply an ACL to an interface.: The ACL is applied in a given direction, either input or output. The ACL being applied must already exist.

set acl-plugin interface <input|output> acl <index> [del]

Declaration: aclplugin_set_interface_command src/plugins/acl/acl.c line 3764

Implementation: acl_set_aclplugin_interface_fn

set acl-plugin macip acl

set acl-plugin macip acl <permit|deny|action N> ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma separated list for multiple rules}

Create an MACIP Access Control List (ACL): A MACIP ACL is used to add L2-L3 ACL rules. A MACIP ACL can be added similar to ACL rules by using following command :

set acl-plugin macip acl <permit|deny|action N>  ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma  separated list for multiple rules

}

Declaration: aclplugin_macip_set_acl_command src/plugins/acl/acl.c line 3808

Implementation: acl_set_aclplugin_macip_acl_fn

set acl-plugin macip interface

set acl-plugin macip interface <interface> <acl INDEX> [del]

[un]Apply a MACIP ACL to an interface. The ACL being applied must already exist.

set acl-plugin macip interface <interface> <acl INDEX> [del]

Declaration: aclplugin_macip_set_interface_command src/plugins/acl/acl.c line 3825

Implementation: acl_set_aclplugin_macip_interface_fn

show acl-plugin acl

show acl-plugin acl [index N]

Declaration: aclplugin_show_acl_command src/plugins/acl/acl.c line 3689

Implementation: acl_show_aclplugin_acl_fn

show acl-plugin decode 5tuple

show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX

Declaration: aclplugin_show_decode_5tuple_command src/plugins/acl/acl.c line 3707

Implementation: acl_show_aclplugin_decode_5tuple_fn

show acl-plugin interface

show acl-plugin interface [sw_if_index N] [acl]

Declaration: aclplugin_show_interface_command src/plugins/acl/acl.c line 3713

Implementation: acl_show_aclplugin_interface_fn

show acl-plugin lookup context

show acl-plugin lookup context [index N]

Declaration: aclplugin_show_lookup_context_command src/plugins/acl/acl.c line 3695

Implementation: acl_show_aclplugin_lookup_context_fn

show acl-plugin lookup user

show acl-plugin lookup user [index N]

Declaration: aclplugin_show_lookup_user_command src/plugins/acl/acl.c line 3701

Implementation: acl_show_aclplugin_lookup_user_fn

show acl-plugin macip acl

show acl-plugin macip acl [index N]

Declaration: aclplugin_show_macip_acl_command src/plugins/acl/acl.c line 3737

Implementation: acl_show_aclplugin_macip_acl_fn

show acl-plugin macip interface

show acl-plugin macip interface

Declaration: aclplugin_show_macip_interface_command src/plugins/acl/acl.c line 3743

Implementation: acl_show_aclplugin_macip_interface_fn

show acl-plugin memory

show acl-plugin memory

Declaration: aclplugin_show_memory_command src/plugins/acl/acl.c line 3719

Implementation: acl_show_aclplugin_memory_fn

show acl-plugin sessions

show acl-plugin sessions

Declaration: aclplugin_show_sessions_command src/plugins/acl/acl.c line 3725

Implementation: acl_show_aclplugin_sessions_fn

show acl-plugin tables

show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]

Declaration: aclplugin_show_tables_command src/plugins/acl/acl.c line 3731

Implementation: acl_show_aclplugin_tables_fn