Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.6.0.3
Access List Configuration (ACL)

This document provides a brief description of the Access Control Lists (ACL) OpEN APIs. The ACL OpEN APIs allow processes outside of the ICOS main process (switchdrvr) access to the security access lists configuration. Specifically, named ACLs are supported for IP, IPv6, and MAC communication protocols.

ACL Access List Definition

Several APIs are available and used to create, delete and retrieve an access list. To create an ACL, the name of the ACL as well as the protocol type needs to be provided. The ACL identifier is then returned which is used as an id or index for that ACL for future access and reference. Here is a summary of ACL management related capabilities

Once an ACL has been created, one or more rules can then be added to the ACL. Each ACL can contain several rules. Each rule performs an action of either permit or deny. Here is a list of action related API capabilities;

Once an ACL and rule (permit or deny) has been created, one or more match conditions can then be added to the rule. There are several match conditions available, both standard and extended (source and destination comparisons). The ability to add and retrieve specific match conditions are indexed using the ACL id and rule ids. The following list shows some sample match conditions and is not all inclusive.

Please note that given the wide range and variety of ACLs, not all ACL capabilities are supported for every platform and/or ICOS image. Each ACL API performs a feature check and returns a OPEN_E_UNAVAIL code if the associated match condition is not available.

ACL Access Group Assignment

Once an ACL is defined, it can then be applied to an interface used to filter traffic. Physical, LAG (if supported), and Control Plane (CPU port) interfaces can be specified as well as VLANs. In addition to the interface, the direction (inbound or outbound) and optionally the evaluation order sequence number is defined. The following access group/traffic filter related commands are available;

All 'Set' operations affect the Switch behavior and configuration.

Example C Application acl_example

Initialization

In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. A Client Handle is returned by openapiClientRegister() which is used while invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to its completion and exits.

acl_example

acl_example.c is a sample application that demonstrates the use of the ACL OpEN API. acl_example is started from the command line. The acl_example is quite extensive in that it demonstrates most of the ACL features. The example first deletes the previously defined ACL named test_ip_renamed (if it exists) and creates a new ACL named test_ip. A total of 8 action rules (7 permits and 1 deny) are created with various match conditions. Similar ACLs are then created for both IPv6 and MAC with the names test_ipv6, test_ipv6_renamed, test_mac, and test_mac_renamed. Each match condition is typically verified by retrieving and comparing the associated protocol or attribute being set.

Once all three ACLs are created, access groups are created and assigned to various sample interfaces demonstrating traffic filter assignment. Before completion, the demonstration provides some general information such as the configured ACLs and their assignments.

The following is a list and sequence of these tests for the IP protocol sanity tests.

Sample Output (LiNe/LinuxHost platform)

Please note that a display containing Feature not supported is shown in the output if appropriate.

# ./acl_example

Begin Sanity tests...
Create named IP ACL...
Sanity Success - testAclCreate - .
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - Every.
Sanity Success - testAclAddIpRules - Assign Queue.
Sanity Success - testAclAddIpRules - Logging.
Sanity Success - testAclAddIpRules - Packet Mirroring Interface.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - Source IPv4 Address/Mask.
Sanity Success - testAclAddIpRules - Destination IPv4 Address/Mask.
Sanity Success - testAclAddIpRules - PIM Protocol.
Sanity Success - testAclAddIpRules - DSCP Value.
Sanity Success - testAclAddIpRules - IP Fragments.
Sanity Success - testAclAddIpRules - Precedence Value.
Sanity Success - testAclAddIpRules - ToS and Tos Mask Value.
Sanity Success - testAclAddIpRules - Packet Redirection Interface.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - TCP Protocol.
Sanity Success - testAclAddIpRules - Packet Redirect External Agent.
Sanity Success - testAclAddIpRules - Simple traffic rate-limit policing.
Sanity Success - testAclAddIpRules - Time based activation.
Sanity Success - testAclAddIpRules - Time Range status.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - ICMP Protocol.
Sanity Success - testAclAddIpRules - ICMP messaging for 'Echo'.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - IGMP Protocol.
Sanity Success - testAclAddIpRules - IGMP messaging for 'Multicast Traceroute'.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - TCP Protocol.
Sanity Success - testAclAddIpRules - Miscellaneous TCP Flags test.
Sanity Success - testAclAddIpRules - Source Layer 4 port 80.
Sanity Success - testAclAddIpRules - PERMIT.
Sanity Success - testAclAddIpRules - UDP Protocol.
Sanity Success - testAclAddIpRules - Source Layer 4 port < 10000.
Sanity Success - testAclAddIpRules - Destination Layer 4 port > 20000.
Sanity Success - testAclAddIpRules - DENY.
Create named IPv6 ACL...
Sanity Success - testAclCreate - .
Sanity Success - testAclAddIpv6Rules - PERMIT.
Sanity Success - testAclAddIpv6Rules - Every.
Sanity Success - testAclAddIpv6Rules - Assign Queue.
Sanity Success - testAclAddIpv6Rules - Logging.
Sanity Success - testAclAddIpv6Rules - Packet Mirroring Interface.
Sanity Success - testAclAddIpv6Rules - PERMIT.
Sanity Success - testAclAddIpv6Rules - PIM Protocol.
Sanity Success - testAclAddIpv6Rules - Source IPv6 Address/prefix.
Sanity Success - testAclAddIpv6Rules - Destination IPv6 Address/prefix.
Sanity Success - testAclAddIpv6Rules - DSCP Value.
Sanity Success - testAclAddIpv6Rules - IP Fragments.
Sanity Success - testAclAddIpv6Rules - Packet Redirection Interface.
Sanity Success - testAclAddIpv6Rules - PERMIT.
Sanity Success - testAclAddIpv6Rules - TCP Protocol.
Sanity Success - testAclAddIpv6Rules - Packet Redirect External Agent.
Sanity Success - testAclAddIpv6Rules - Simple traffic rate-limit policing.
Sanity Success - testAclAddIpv6Rules - Time based activation.
Sanity Success - testAclAddIpv6Rules - Time Range status.
Sanity Success - testAclAddIpv6Rules - Flow Label.
Sanity Success - testAclAddIpv6Rules - Routing Flag.
Sanity Success - testAclAddIpv6Rules - PERMIT.
Sanity Success - testAclAddIpv6Rules - ICMPv6 Protocol.
Sanity Success - testAclAddIpv6Rules - ICMPv6 messaging for 'Port-Unreachable'.
Sanity Success - testAclAddIpv6Rules - PERMIT.
Sanity Success - testAclAddIpv6Rules - TCP Protocol.
Sanity Success - testAclAddIpv6Rules - Miscellaneous TCP Flags test.
Sanity Success - testAclAddIpv6Rules - Source Layer 4 port range 20000 - 20010.
Sanity Success - testAclAddIpv6Rules - Destination Layer 4 port > 60000.
Sanity Success - testAclAddIpv6Rules - DENY.
Create named MAC ACL...
Sanity Success - testAclCreate - .
Sanity Success - testAclAddMacRules - PERMIT.
Sanity Success - testAclAddMacRules - Every.
Sanity Success - testAclAddMacRules - Assign Queue.
Sanity Success - testAclAddMacRules - Logging.
Sanity Success - testAclAddMacRules - Packet Mirroring Interface.
Sanity Success - testAclAddMacRules - PERMIT.
Sanity Success - testAclAddMacRules - Source MAC Address/Mask.
Sanity Success - testAclAddMacRules - Destination MAC Address/Mask.
Sanity Success - testAclAddMacRules - Packet Redirection Interface.
Sanity Success - testAclAddMacRules - PERMIT.
Sanity Success - testAclAddMacRules - Packet Redirect External Agent.
Sanity Success - testAclAddMacRules - Simple traffic rate-limit policing.
Sanity Success - testAclAddMacRules - Time based activation.
Sanity Success - testAclAddMacRules - Time Range status.
Sanity Success - testAclAddMacRules - Ethertype 0x809B.
Sanity Success - testAclAddMacRules - CoS 0.
Sanity Success - testAclAddMacRules - Secondary CoS 7.
Sanity Success - testAclAddMacRules - VLAN ID Range 2 - 100.
Sanity Success - testAclAddMacRules - Secondary VLAN ID 200.
Sanity Success - testAclAddMacRules - DENY.
Perform some generic retrieval tests...
Sanity Success - openapiAclGetFirst - IP ACL.
Sanity Success - testAclCreate - .
Sanity Success - testAclCreate - temporary.
Sanity Success - testAclRetrieval - openapiAclGetNext.
Rename then Delete ACLs...
Sanity Success - Renamed - test_ip_renamed.
Sanity Success - Renamed - test_ipv6_renamed.
Sanity Success - Renamed - test_mac_renamed.
Demonstrate traffic filter assignment for interfaces...
Sanity Success - testAclTrafficFilterIntfAdd - ACL:test_ip_renamed intf:1 dir:0 seq:100.
Sanity Success - testAclTrafficFilterIntfAdd - ACL:test_ip_renamed intf:2 dir:0 seq:200.
Sanity Success - testAclTrafficFilterIntfAdd - ACL:test_ipv6_renamed intf:3 dir:0 seq:300.
Sanity Success - testAclTrafficFilterIntfAdd - ACL:test_mac_renamed intf:4 dir:0 seq:400.
Demonstrate traffic filter assignment for VLANs...
Sanity Success - testAclTrafficFilterVlanAdd - ACL:test_ip_renamed VLAN:5 dir:0 seq:500.
Sanity Success - testAclTrafficFilterVlanAdd - ACL:test_ip_renamed VLAN:6 dir:0 seq:600.
Sanity Success - testAclTrafficFilterVlanAdd - ACL:test_ipv6_renamed VLAN:7 dir:0 seq:700.
Sanity Success - testAclTrafficFilterVlanAdd - ACL:test_mac_renamed VLAN:8 dir:0 seq:800.
Demonstrate traffic filter removal of interface...
Demonstrate traffic filter removal of VLAN...
Display various ACL lists and information...

ACL interface direction assignments
Interface Direction
------— ------—
1 Inbound
3 Inbound
4 Inbound

ACL Interface 1, Inbound details
ACL id Type Seq Num
---— -— ----—
1000 1 100

ACL test_ip_renamed Inbound Interfaces
Interface
------—
1

ACL test_ip_renamed Inbound VLANs
VLAN

6

Sanity Success - openapiCpuIntfGet - CPU Control Plane Interface ... 129.
Sanity Success - openapiAclMaxAclIntfCountGet - Number of allowed ACL Interfaces ... 160.
Sanity Success - openapiAclMaxAclVlanCountGet - Number of allowed ACL VLANs ... 24.
Sanity Success - openapiAclCountGet - Total number of configured ACLs ... 3.
Sanity Success - openapiAclMacCountGet - Number of configured MAC ACLs ... 1.

Complete.

Example Python Application acl_example

In addition to acl_example.c, a python implementation has also been provided for demonstration purposes. This python acl_example.py script essentially duplicates the acl_example.c implementation.

Example Ruby Application acl_example

In addition to acl_example.c, a ruby implementation has also been provided for demonstration purposes. This ruby acl_example.rb application essentially duplicates the acl_example.c implementation.

ACL CLI/API Cross Reference

CLI Command OpEN API Reference
ACL Definitions -
(Config)#
[no] ip access-list <name>
openapiAclCreate()
openapiAclDelete()
openapiAclDeleteByName()
(Config)#
[no] ipv6 access-list <name>
openapiAclCreate()
openapiAclDelete()
openapiAclDeleteByName()
(Config)#
[no] mac access-list extended <name>
openapiAclCreate()
openapiAclDelete()
openapiAclDeleteByName()
(Config)#
ip access-list rename <old-name> <new-name>
openapiAclRename()
(Config)#
ipv6 access-list rename <old-name> <new-name>
openapiAclRename()
(Config)#
mac access-list rename <old-name> <new-name>
openapiAclRename()
Rules -
(Config-ipv4-access-list)#
permit/deny
openapiAclRuleActionAdd()
openapiAclRuleActionGet()
openapiAclRuleDeleteLast()
(Config-ipv6-acl)#
permit/deny
openapiAclRuleActionAdd()
openapiAclRuleActionGet()
openapiAclRuleDeleteLast()
(Config-mac-access-list)#
permit/deny
openapiAclRuleActionAdd()
openapiAclRuleActionGet()
openapiAclRuleDeleteLast()
Rule Attributes -

(Config-ipv4/6-access-list)#
permit/deny <protocol> <addr> assign-queue

openapiAclMaxAssignQueueGet()
openapiAclRuleMatchAssignQueueAdd()
openapiAclRuleMatchAssignQueueGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> redirect

openapiAclRuleMatchRedirectAdd()
openapiAclRuleMatchRedirectGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> mirror

openapiAclRuleMatchMirrorAdd()
openapiAclRuleMatchMirrorGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> log

openapiAclRuleMatchLoggingAdd()
openapiAclRuleMatchLoggingGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> redirectExtAgent

openapiAclRuleMatchRedirectAgentAdd()
openapiAclRuleMatchRedirectAgentGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> time-range

openapiAclRuleMatchTimeRangeAdd()
openapiAclRuleMatchTimeRangeGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> time-range-status

openapiAclRuleMatchTimeRangeStatusGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> rate-limit

openapiAclRuleMatchRateLimitAdd()
openapiAclRuleMatchRateLimitGet()

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> sflow-remote-agent

openapiAclRuleMatchSflowSamplingAdd()
openapiAclRuleMatchSflowSamplingGet()
Protocols -
(Config-ipv4/6-access-list)#
permit/deny <protocol-number>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <eigrp>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <every>
openapiAclRuleMatchEveryAdd()
openapiAclRuleMatchEveryGet()
(Config-ipv4/6-access-list)#
permit/deny <gre>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <icmp>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <igmp>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <ip>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <ipinip>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <ospf>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <pim>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv4/6-access-list)#
permit/deny <udp>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv6-acl)#
permit/deny <icmpv6>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
(Config-ipv6-acl)#
permit/deny <ipv6>
openapiAclRuleMatchProtocolAdd()
openapiAclRuleMatchProtocolGet()
Protocol Addressing -
(Config-ipv4/6-access-list)#
permit/deny <protocol> any
openapiAclRuleMatchEveryAdd()
openapiAclRuleMatchEveryGet()
(Config-ipv4-access-list)#
permit/deny <protocol> host
openapiAclRuleMatchIpSrcMaskAdd()
openapiAclRuleMatchIpSrcMaskGet()
openapiAclRuleMatchIpDstMaskAdd()
openapiAclRuleMatchIpDstMaskGet()
(Config-ipv4-access-list)#
permit/deny <protocol> <srcip> <mask>
openapiAclRuleMatchIpSrcMaskAdd()
openapiAclRuleMatchIpSrcMaskGet()
(Config-ipv4-access-list)#
permit/deny <protocol> <dstip> <mask>
openapiAclRuleMatchIpDstMaskAdd()
openapiAclRuleMatchIpDstMaskGet()
(Config-ipv4-access-list)#
permit/deny <protocol> host
openapiAclRuleMatchIpSrcMaskAdd()
openapiAclRuleMatchIpSrcMaskGet()
openapiAclRuleMatchIpDstMaskAdd()
openapiAclRuleMatchIpDstMaskGet()
(Config-ipv6-acl)#
permit/deny <protocol> <source-ipv6-prefix/prefix-length>
openapiAclRuleMatchIpv6SrcPfxAdd()
openapiAclRuleMatchIpv6SrcPfxGet()
(Config-ipv6-acl)#
permit/deny <protocol> <destination-ipv6-prefix/prefix-length>
openapiAclRuleMatchIpv6DstPfxAdd()
openapiAclRuleMatchIpv6DstPfxGet()
(Config-ipv6-acl)#
permit/deny <protocol> host
openapiAclRuleMatchIpv6SrcPfxAdd()
openapiAclRuleMatchIpv6SrcPfxGet()
openapiAclRuleMatchIpv6DstPfxAdd()
openapiAclRuleMatchIpv6DstPfxGet()
(Config-mac-access-list)#
permit/deny <srcmac> <srcmask>
openapiAclRuleMatchMacSrcMacAdd()
openapiAclRuleMatchMacSrcMacGet()
(Config-mac-access-list)#
permit/deny <dstmac> <dstmac>
openapiAclRuleMatchMacDstMacAdd()
openapiAclRuleMatchMacDstMacGet()
(Config-mac-access-list)#
permit/deny any
openapiAclRuleMatchEveryAdd()
openapiAclRuleMatchEveryGet()
Match Conditions - IPv4, IPv6, and MAC -

(Config-ipv4/6/mac-access-list)#
permit/deny <protocol> <addr> dcsp

openapiAclRuleMatchDscpAdd()
openapiAclRuleMatchDscpGet()
Match Conditions - IPv4 and IPv6 -

(Config-ipv4/6-access-list)#
permit/deny <protocol> <addr> fragments

openapiAclRuleMatchFragmentsAdd()
openapiAclRuleMatchFragmentsGet()

(Config-ipv4/6-access-list)#
permit/deny <protocol> <addr> igmp

openapiAclRuleMatchIgmpTypeAdd()
openapiAclRuleMatchIgmpTypeGet()

(Config-ipv4/6-access-list)#
permit/deny <protocol> <addr> dcsp

openapiAclRuleMatchDscpAdd()
openapiAclRuleMatchDscpGet()

(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> flag

openapiAclRuleMatchTcpFlagsAdd()
openapiAclRuleMatchTcpFlagsGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> eq <port>
openapiAclRuleMatchL4SrcPortAdd()
openapiAclRuleMatchL4DstPortAdd()
openapiAclRuleMatchL4SrcPortGet()
openapiAclRuleMatchL4DstPortGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> gt <port>
openapiAclRuleMatchL4SrcPortAdd()
openapiAclRuleMatchL4DstPortAdd()
openapiAclRuleMatchL4SrcPortGet()
openapiAclRuleMatchL4DstPortGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> lt <port>
openapiAclRuleMatchL4SrcPortAdd()
openapiAclRuleMatchL4DstPortAdd()
openapiAclRuleMatchL4SrcPortGet()
openapiAclRuleMatchL4DstPortGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> neq <port>
openapiAclRuleMatchL4SrcPortAdd()
openapiAclRuleMatchL4DstPortAdd()
openapiAclRuleMatchL4SrcPortGet()
openapiAclRuleMatchL4DstPortGet()
(Config-ipv4/6-access-list)#
permit/deny <tcp/udp protocol> <addr> range <start-port> <end-port>
openapiAclRuleMatchL4SrcPortAdd()
openapiAclRuleMatchL4DstPortAdd()
openapiAclRuleMatchL4SrcPortGet()
openapiAclRuleMatchL4DstPortGet()
Match Conditions - IPv4 only -

(Config-ipv4-access-list)#
permit/deny <protocol> <addr> icmp

openapiAclRuleMatchIcmpTypeCodeAdd()
openapiAclRuleMatchIcmpTypeCodeGet()

(Config-ipv4-access-list)#
permit/deny <protocol> <addr> precedence

openapiAclRuleMatchPrecedenceAdd()
openapiAclRuleMatchPrecedenceGet()

(Config-ipv4-access-list)#
permit/deny <protocol> <addr> tos

openapiAclRuleMatchTosAdd()
openapiAclRuleMatchTosGet()
Match Conditions - IPv6 only -

(Config-ipv6-acl)#
permit/deny <protocol> <addr> icmpv6

openapiAclRuleMatchIcmpTypeCodeAdd()
openapiAclRuleMatchIcmpTypeCodeGet()

(Config-ipv6-acl)#
permit/deny <protocol> <addr> flow-label

openapiAclRuleMatchFlowLabelAdd()
openapiAclRuleMatchFlowLabelGet()

(Config-ipv6-acl)#
permit/deny <protocol> <addr> routing

openapiAclRuleMatchRoutingAdd()
openapiAclRuleMatchRoutingGet()
Match Conditions - MAC only -

(Config-mac-access-list)#
permit/deny <addr> ethertype

openapiAclRuleMatchMacEtherTypeAdd()
openapiAclRuleMatchMacEtherTypeGet()

(Config-mac-access-list)#
permit/deny <addr> cos

openapiAclRuleMatchMacCosAdd()
openapiAclRuleMatchMacCosGet()

(Config-mac-access-list)#
permit/deny <addr> secondary-cos

openapiAclRuleMatchMacCos2Add()
openapiAclRuleMatchMacCos2Get()

(Config-mac-access-list)#
permit/deny <addr> vlan

openapiAclRuleMatchMacVlanAdd()
openapiAclRuleMatchMacVlanGet()
(Config-mac-access-list)#
permit/deny <addr> vlan range <start-id> <end-id>
openapiAclRuleMatchMacVlanAdd()
openapiAclRuleMatchMacVlanGet()

(Config-mac-access-list)#
permit/deny <addr> secondary-vlan

openapiAclRuleMatchMacSecondaryVlanAdd()
openapiAclRuleMatchMacSecondaryVlanGet()
(Config-mac-access-list)#
permit/deny <addr> secondary-vlan range <start-id> <end-id>
openapiAclRuleMatchMacSecondaryVlanAdd()
openapiAclRuleMatchMacSecondaryVlanGet()
ACL Traffic Filters -
(Config)#
ip access-group <name> <direction> [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
ipv6 access-group <name> <direction> [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
mac access-group extended <name> <direction> [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
ip access-group <name> control-plane [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
ipv6 access-group <name> control-plane [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
mac access-group extended <name> control-plane [sequence]
openapiAclIntfDirAdd()
openapiAclIntfDirDelete()
(Config)#
ip access-group <name> vlan <id> <direction> [sequence]
openapiAclVlanDirAdd()
openapiAclVlanDirDelete()
(Config)#
ipv6 access-group <name> vlan <id> <direction> [sequence]
openapiAclVlanDirAdd()
openapiAclVlanDirDelete()
(Config)#
mac access-group <name> vlan <id> <direction> [sequence]
openapiAclVlanDirAdd()
openapiAclVlanDirDelete()
ACL Informational Display -
(Routing)#
show show ip access-lists [name]
openapiAclRuleActionGet()
openapiAclRuleGetFirst()
openapiAclRuleGetNext()
(Routing)#
show show ipv6 access-lists [name]
openapiAclRuleActionGet()
openapiAclRuleGetFirst()
openapiAclRuleGetNext()
(Routing)#
show show mac access-lists [name]
openapiAclRuleActionGet()
openapiAclRuleGetFirst()
openapiAclRuleGetNext()