acl
acl
+ acl-filter name string type keyword
+ description string
+ entry sequence-id number
+ action
+ accept
+ forwarding-class reference
+ rate-limit
+ policer reference
+ system-cpu-policer reference
+ copy
+ drop
+ log boolean
+ description string
- last-clear string
+ match
+ ipv4
+ destination-ip
+ address string
+ mask string
+ prefix string
+ dscp-set (number | keyword)
+ first-fragment boolean
+ fragment boolean
+ icmp
+ code number
+ type (number | keyword)
+ protocol (number | keyword)
+ source-ip
+ address string
+ mask string
+ prefix string
+ ipv6
+ destination-ip
+ address string
+ mask string
+ prefix string
+ dscp-set (number | keyword)
+ icmp6
+ code number
+ type (number | keyword)
+ next-header (number | keyword)
+ source-ip
+ address string
+ mask string
+ prefix string
+ l2
+ destination-mac
+ address string
+ mask string
+ ethertype (string | keyword)
+ source-mac
+ address string
+ mask string
+ vlan
+ outermost-vlan-id
+ none
+ operator keyword
+ range
+ end number
+ start number
+ value number
+ transport
+ destination-port
+ operator keyword
+ range
+ end (number | keyword)
+ start (number | keyword)
+ value (number | keyword)
+ source-port
+ operator keyword
+ range
+ end (number | keyword)
+ start (number | keyword)
+ value (number | keyword)
+ tcp-flags string
- statistics
- incomplete boolean
- last-clear string
- last-match string
- matched-packets number
- policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- system-cpu-policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- tcam-entries
- forwarding-complex complex-identifier string
- input-total number
- output-total number
- single-instance number
- last-clear string
+ statistics-per-entry boolean
+ subinterface-specific keyword
- datapath-programming
- forwarding-complex slot-id number complex-id number
- last-completed-timestamp string
- programming-complete boolean
+ egress-mac-filtering boolean
+ interface interface-id string
+ input
+ acl-filter name reference type reference
- entry sequence-id reference
- policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- statistics
- incomplete boolean
- last-clear string
- last-match string
- matched-packets number
- statistics
- last-clear string
- policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
+ interface-ref
+ interface reference
+ subinterface reference
+ output
+ acl-filter name reference type reference
- entry sequence-id reference
- policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- statistics
- incomplete boolean
- last-clear string
- last-match string
- matched-packets number
- statistics
- last-clear string
- policer
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
+ policers
+ policer name string
+ entry-specific boolean
+ max-burst number
+ peak-rate number
+ scope keyword
- statistics
- aggregate
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- last-clear string
+ system-cpu-policer name string
+ entry-specific boolean
+ max-packet-burst number
+ peak-packet-rate number
- statistics
- conforming-octets number
- conforming-packets number
- exceeding-octets number
- exceeding-packets number
- last-clear string
+ tcam-profile keyword
acl Descriptions
acl
acl-filter name string type keyword
Description | List of filter types such as IPv4, IPv6 and MAC depending on the platform's capabilities. | |
Context | acl acl-filter name string type keyword | |
Tree | acl-filter | |
Configurable | True | |
Platforms | Supported on all platforms |
name string
Description | ACL Filter policy name | |
Context | acl acl-filter name string type keyword | |
Configurable | True | |
Platforms | Supported on all platforms |
type keyword
Description | Defines the type of ACL filter: ipv4: IPv4 ACL filter ipv6: IPv6 ACL filter mac: MAC ACL filter | |
Context | acl acl-filter name string type keyword | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
description string
Description | Description string for the filter policy | |
Context | acl acl-filter name string type keyword description string | |
Tree | description | |
String Length | 1 to 255 | |
Configurable | True | |
Platforms | Supported on all platforms |
entry sequence-id number
Description | List of ACL entries comprising an ACL Filter | |
Context | acl acl-filter name string type keyword entry sequence-id number | |
Tree | entry | |
Configurable | True | |
Platforms | Supported on all platforms |
sequence-id number
Description | A number to indicate the relative evaluation order of the different entries; lower numbered entries are evaluated before higher numbered entries | |
Context | acl acl-filter name string type keyword entry sequence-id number | |
Range | 0 to 65535 | |
Configurable | True | |
Platforms | Supported on all platforms |
action
Description | Container for the actions to be applied to packets matching the filter entry. | |
Context | acl acl-filter name string type keyword entry sequence-id number action | |
Tree | action | |
Configurable | True | |
Platforms | Supported on all platforms |
accept
Description | Accept matching packets and forward them towards their normal destination | |
Context | acl acl-filter name string type keyword entry sequence-id number action accept | |
Tree | accept | |
Configurable | True | |
Platforms | Supported on all platforms |
forwarding-class reference
Description | The QoS forwarding class to which the packet is mapped | |
Context | acl acl-filter name string type keyword entry sequence-id number action accept forwarding-class reference | |
Tree | forwarding-class | |
Reference | qos forwarding-classes forwarding-class name string | |
Configurable | True | |
Platforms | Supported on all platforms except 7220 IXR-D1 |
rate-limit
Description | Rate-limit accepted packets | |
Context | acl acl-filter name string type keyword entry sequence-id number action accept rate-limit | |
Tree | rate-limit | |
Configurable | True | |
Platforms | Supported on all platforms |
policer reference
Description | Reference to a policer | |
Context | acl acl-filter name string type keyword entry sequence-id number action accept rate-limit policer reference | |
Tree | policer | |
Reference | acl policers policer name | |
Configurable | True | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
system-cpu-policer reference
Description | Reference to a system-cpu-policer. | |
Context | acl acl-filter name string type keyword entry sequence-id number action accept rate-limit system-cpu-policer reference | |
Tree | system-cpu-policer | |
Reference | acl policers system-cpu-policer name | |
Configurable | True | |
Platforms | Supported on all platforms |
copy
Description | Create a copy of matching packets extract them to the CPM and deliver them to the designated veth interface | |
Context | acl acl-filter name string type keyword entry sequence-id number action copy | |
Tree | copy | |
Configurable | True | |
Platforms | Supported on all platforms |
drop
Description | Drop matching packets. Dropped IP packets do not result in sending ICMP messages back to the source | |
Context | acl acl-filter name string type keyword entry sequence-id number action drop | |
Tree | drop | |
Configurable | True | |
Platforms | Supported on all platforms |
log boolean
Description | When this is true, a log is created for each packet matching the entry For IP packets matched by an IP filter entry the log entry contains the following information: | |
Context | acl acl-filter name string type keyword entry sequence-id number action log boolean | |
Tree | log | |
Default | false | |
Configurable | True | |
Platforms | Supported on all platforms |
description string
Description | Description string for the filter entry | |
Context | acl acl-filter name string type keyword entry sequence-id number description string | |
Tree | description | |
String Length | 1 to 255 | |
Configurable | True | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command performed by the user at this level | |
Context | acl acl-filter name string type keyword entry sequence-id number last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
match
Description | Container for the conditions that determine whether a packet matches this entry | |
Context | acl acl-filter name string type keyword entry sequence-id number match | |
Tree | match | |
Configurable | True | |
Platforms | Supported on all platforms |
ipv4
Description | Container for the common layer-3 IPv4 match criteria | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 | |
Tree | ipv4 | |
Configurable | True | |
Platforms | Supported on all platforms |
destination-ip
Description | Packet matching criteria based on destination IPv4 address | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 destination-ip | |
Tree | destination-ip | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
Description | Match a packet if its destination IP address logically anded with the inverse of the mask equals this IP address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 destination-ip address string | |
Tree | address | |
Configurable | True | |
Platforms | Supported on all platforms |
mask string
Description | Match a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 destination-ip mask string | |
Tree | mask | |
Configurable | True | |
Platforms | Supported on all platforms |
prefix string
Description | Match a packet if its destination IP address is within the specified IPv4 prefix. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 destination-ip prefix string | |
Tree | prefix | |
Configurable | True | |
Platforms | Supported on all platforms |
dscp-set (number | keyword)
Description | A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 dscp-set (number | keyword) | |
Tree | dscp-set | |
Range | 0 to 63 | |
Options |
| |
Configurable | True | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
first-fragment boolean
Description | Match the first fragment of an IPv4 datagram A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1. It is not valid to configure this leaf without configuring a match value for the fragment leaf. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 first-fragment boolean | |
Tree | first-fragment | |
Configurable | True | |
Platforms | Supported on all platforms |
fragment boolean
Description | Match an IPv4 fragment A packet matches the true condition if the IPv4 header indicates that the fragment-offset is zero and and the more-fragments bit is 1 or if the IPv4 header indicates that the fragment-offset is greater than 0. A packet matches the false condition if it is unfragmented. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 fragment boolean | |
Tree | fragment | |
Configurable | True | |
Platforms | Supported on all platforms |
icmp
Description | A packet matches this condition if its ICMP type and code matches one of the specified combinations The rule should also have a condition that the IP protocol equals 1 (ICMP) in order for this to be interpreted correctly. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 icmp | |
Tree | icmp | |
Configurable | True | |
Platforms | Supported on all platforms |
code number
type (number | keyword)
Description | Match a single ICMP type value. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 icmp type (number | keyword) | |
Tree | type | |
Range | 0 to 255 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
protocol (number | keyword)
Description | An IPv4 packet matches this condition if its IP protocol type field matches the specified value | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 protocol (number | keyword) | |
Tree | protocol | |
Range | 0 to 255 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
source-ip
Description | Packet matching criteria based on source IPv4 address | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv4 source-ip | |
Tree | source-ip | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
mask string
prefix string
ipv6
Description | Container for the common layer-3 IPv6 match criteria | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 | |
Tree | ipv6 | |
Configurable | True | |
Platforms | Supported on all platforms |
destination-ip
Description | Packet matching criteria based on destination IPv6 address | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 destination-ip | |
Tree | destination-ip | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
Description | Match a packet if its destination IP address logically anded with the inverse of the mask equals this IP address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 destination-ip address string | |
Tree | address | |
Configurable | True | |
Platforms | Supported on all platforms |
mask string
Description | Match a packet if its destination IP address logically anded with the inverse of this mask equals the configured IP address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 destination-ip mask string | |
Tree | mask | |
Configurable | True | |
Platforms | Supported on all platforms |
prefix string
Description | Match a packet if its destination IP address is within the specified IPv6 prefix. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 destination-ip prefix string | |
Tree | prefix | |
Configurable | True | |
Platforms | Supported on all platforms |
dscp-set (number | keyword)
Description | A list of DSCP values to be matched for incoming packets. An OR match should be performed, such that a packet must match one of the values defined in this list. If the field is left empty then any DSCP value matches. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 dscp-set (number | keyword) | |
Tree | dscp-set | |
Range | 0 to 63 | |
Options |
| |
Configurable | True | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
icmp6
Description | A packet matches this condition if its ICMPv6 type and code matches one of the specified combinations The rule should also have a condition that the next-header value equals 58 (ICMPv6) in order for this to be interpreted correctly. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6 | |
Tree | icmp6 | |
Configurable | True | |
Platforms | Supported on all platforms |
code number
Description | Match if the ICMPv6 code value is any value in the list Requires ICMPv6 type to be specified because codes are type dependent. | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6 code number | |
Tree | code | |
Configurable | True | |
Platforms | Supported on all platforms |
type (number | keyword)
Description | Match a single ICMPv6 type value | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 icmp6 type (number | keyword) | |
Tree | type | |
Range | 0 to 255 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
next-header (number | keyword)
Description | An IPv6 packet matches this condition if its first next-header field (in the IPv6 fixed header) contains the specified value | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 next-header (number | keyword) | |
Tree | next-header | |
Range | 0 to 255 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
source-ip
Description | Packet matching criteria based on source IPv6 address | |
Context | acl acl-filter name string type keyword entry sequence-id number match ipv6 source-ip | |
Tree | source-ip | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
mask string
prefix string
l2
Description | Container for the common layer-2 match criteria | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 | |
Tree | l2 | |
Configurable | True | |
Platforms | Supported on all platforms |
destination-mac
Description | Ethernet frame matching criteria based on destination MAC address | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 destination-mac | |
Tree | destination-mac | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
Description | Match an Ethernet frame if its destination MAC address logically anded with the mask equals this MAC address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 destination-mac address string | |
Tree | address | |
Configurable | True | |
Platforms | Supported on all platforms |
mask string
Description | Match an Ethernet frame if its destination MAC address logically anded with the mask equals the configured MAC address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 destination-mac mask string | |
Tree | mask | |
Configurable | True | |
Platforms | Supported on all platforms |
ethertype (string | keyword)
Description | An Ethernet frame matches this condition if its ethertype value (after 802.1Q VLAN tags) matches the specified value | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 ethertype (string | keyword) | |
Tree | ethertype | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
source-mac
Description | Ethernet frame matching criteria based on source MAC address | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 source-mac | |
Tree | source-mac | |
Configurable | True | |
Platforms | Supported on all platforms |
address string
Description | Match an Ethernet frame if its source MAC address logically anded with the mask equals this MAC address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 source-mac address string | |
Tree | address | |
Configurable | True | |
Platforms | Supported on all platforms |
mask string
Description | Match an Ethernet frame if its source MAC address logically anded with the mask equals the configured MAC address. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 source-mac mask string | |
Tree | mask | |
Configurable | True | |
Platforms | Supported on all platforms |
vlan
Description | Ethernet frame matching criteria based on VLAN tags | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan | |
Tree | vlan | |
Configurable | True | |
Platforms | Supported on all platforms |
outermost-vlan-id
Description | Ethernet frame matching criteria based on the outermost VLAN ID found before the subinterface-defining VLAN tag (if any) is removed. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id | |
Tree | outermost-vlan-id | |
Configurable | True | |
Platforms | Supported on all platforms |
none
Description | When configured, only untagged frames are matched. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id none | |
Tree | none | |
Configurable | True | |
Platforms | Supported on all platforms |
operator keyword
Description | Comparison operator eq = equal ge = greater than or equal to le = less than or equal to | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id operator keyword | |
Tree | operator | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
range
Description | Container used to specify a contiguous range of VLAN IDs. Matched values include the start and end values. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id range | |
Tree | range | |
Configurable | True | |
Platforms | Supported on all platforms |
end number
Description | The ending VLAN ID to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id range end number | |
Tree | end | |
Range | 0 to 4095 | |
Configurable | True | |
Platforms | Supported on all platforms |
start number
Description | The starting VLAN ID to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id range start number | |
Tree | start | |
Range | 0 to 4095 | |
Configurable | True | |
Platforms | Supported on all platforms |
value number
Description | A VLAN ID number A value of zero is used to match priority-tagged 802.1Q frames. | |
Context | acl acl-filter name string type keyword entry sequence-id number match l2 vlan outermost-vlan-id value number | |
Tree | value | |
Range | 0 to 4095 | |
Configurable | True | |
Platforms | Supported on all platforms |
transport
Description | Container for the common layer-4 transport match criteria | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport | |
Tree | transport | |
Configurable | True | |
Platforms | Supported on all platforms |
destination-port
Description | A packet matches this condition if its destination TCP or UDP port number matches the value or range that is specified The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly. | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port | |
Tree | destination-port | |
Configurable | True | |
Platforms | Supported on all platforms |
operator keyword
Description | Comparison operator eq = equal ge = greater than or equal to le = less than or equal to | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port operator keyword | |
Tree | operator | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
range
Description | Container used to specify a contiguous range of TCP/UDP port numbers | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port range | |
Tree | range | |
Configurable | True | |
Platforms | Supported on all platforms |
end (number | keyword)
Description | The ending port number to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port range end (number | keyword) | |
Tree | end | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
start (number | keyword)
Description | The starting port number to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port range start (number | keyword) | |
Tree | start | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
value (number | keyword)
Description | A destination port number | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport destination-port value (number | keyword) | |
Tree | value | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
source-port
Description | A packet matches this condition if its source TCP or UDP port number matches the value or range that is specified The rule should also have a condition that the IP protocol equals 6 (TCP) or 17 (UDP) in order for this to be interpreted correctly. | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port | |
Tree | source-port | |
Configurable | True | |
Platforms | Supported on all platforms |
operator keyword
Description | Comparison operator eq = equal ge = greater than or equal to le = less than or equal to | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port operator keyword | |
Tree | operator | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
range
Description | Container used to specify a contiguous range of TCP/UDP port numbers | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port range | |
Tree | range | |
Configurable | True | |
Platforms | Supported on all platforms |
end (number | keyword)
Description | The ending port number to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port range end (number | keyword) | |
Tree | end | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
start (number | keyword)
Description | The starting port number to include in the range | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port range start (number | keyword) | |
Tree | start | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
value (number | keyword)
Description | A source port number | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport source-port value (number | keyword) | |
Tree | value | |
Range | 0 to 65535 | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
tcp-flags string
Description | A logical expression using the &, | and ! logical operators and the TCP flag names: rst, syn and ack. | |
Context | acl acl-filter name string type keyword entry sequence-id number match transport tcp-flags string | |
Tree | tcp-flags | |
Configurable | True | |
Platforms | Supported on all platforms |
statistics
Description | Container for per-entry statistics | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | Supported on all platforms |
incomplete boolean
Description | Returns true when at least one linecard had insufficient stats resources to ensure an accurate set of values for the number of matched packets. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics incomplete boolean | |
Tree | incomplete | |
Configurable | False | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command performed by the user at this level or a higher level | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
last-match string
Description | The elapsed time since a packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics last-match string | |
Tree | last-match | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
matched-packets number
Description | The number of packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics matched-packets number | |
Tree | matched-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
policer
Description | Policer stats for traffic matching the entry: Statistics for policer configured with scope=global and entry-specific=true, and acl configured with subinterface-specific=false. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics policer | |
Tree | policer | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
system-cpu-policer
Description | System CPU policer stats for traffic matching the entry: Statistics for system cpu policer configured with scope=global and entry-specific=true, and acl configured with subinterface-specific=false. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer | |
Tree | system-cpu-policer | |
Configurable | False | |
Platforms | Supported on all platforms |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl acl-filter name string type keyword entry sequence-id number statistics system-cpu-policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
tcam-entries
Description | Information about the TCAM entries used to implement the ACL entry | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries | |
Tree | tcam-entries | |
Configurable | False | |
Platforms | Supported on all platforms |
forwarding-complex complex-identifier string
Description | List of forwarding complexes in the system | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string | |
Tree | forwarding-complex | |
Configurable | False | |
Platforms | Supported on all platforms |
complex-identifier string
Description | A forwarding complex in the format (slot-number,complex-number). | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string | |
Configurable | False | |
Platforms | Supported on all platforms |
input-total number
Description | The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to ingress traffic. For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then input-total=2. If the entry is not applied to ingress traffic on any subinterfaces of this complex then input-total=0. | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string input-total number | |
Tree | input-total | |
Configurable | False | |
Platforms | Supported on all platforms |
output-total number
Description | The number of TCAM entries required to implement this entry on all subinterfaces of this complex where the filter is applied to egress traffic. For example, if a single-instance of the entry takes 2 TCAM entries and the filter is an output-only subinterface-specific filter and the filter is applied to 5 subinterfaces on output and to 5 subinterfaces on input then output-total=10. If the entry is not applied to egress traffic on any subinterfaces of this complex then output-total=0. | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string output-total number | |
Tree | output-total | |
Configurable | False | |
Platforms | Supported on all platforms |
single-instance number
Description | The number of TCAM entries required to implement this entry if it is applied to only one subinterface and one traffic direction specific to this slot. This is non-zero even if the filter is not applied to any subinterfaces of this complex. It captures the effect of TCAM entry expansion to deal with L4 port or VLAN ranges, for example. | |
Context | acl acl-filter name string type keyword entry sequence-id number tcam-entries forwarding-complex complex-identifier string single-instance number | |
Tree | single-instance | |
Configurable | False | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command performed by the user at this level | |
Context | acl acl-filter name string type keyword last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
statistics-per-entry boolean
Description | Collect statistics for each entry of the ACL. If this is set to false no hardware resources are allocated to collecting statistics for this ACL policy. The exact set of statistics depend on the subinterface-specific mode | |
Context | acl acl-filter name string type keyword statistics-per-entry boolean | |
Tree | statistics-per-entry | |
Configurable | True | |
Platforms | Supported on all platforms |
subinterface-specific keyword
Description | Controls the instantiation of the filter when it is applied as an input or output ACL disabled: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, and all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance input-only: all subinterfaces on a single linecard that reference the ACL as an output ACL use a shared filter instance, but each subinterface that references the ACL as an input ACL uses its own separate instance of the filter output-only: all subinterfaces on a single linecard that reference the ACL as an input ACL use a shared filter instance, but each subinterface that references the ACL as an output ACL uses its own separate instance of the filter input-and-output: each subinterface that references the ACL as either an input ACL or an output ACL uses its own separate instance of the filter | |
Context | acl acl-filter name string type keyword subinterface-specific keyword | |
Tree | subinterface-specific | |
Default | disabled | |
Options |
| |
Configurable | True | |
Platforms | Supported on all platforms |
datapath-programming
Description | Container to represent the progress of ACL datapath programming | |
Context | acl datapath-programming | |
Tree | datapath-programming | |
Configurable | False | |
Platforms | Supported on all platforms |
forwarding-complex slot-id number complex-id number
Description | List of forwarding complexes that are currently installed and online | |
Context | acl datapath-programming forwarding-complex slot-id number complex-id number | |
Tree | forwarding-complex | |
Configurable | False | |
Platforms | Supported on all platforms |
slot-id number
Description | The slot id | |
Context | acl datapath-programming forwarding-complex slot-id number complex-id number | |
Configurable | False | |
Platforms | Supported on all platforms |
complex-id number
Description | The complex id | |
Context | acl datapath-programming forwarding-complex slot-id number complex-id number | |
Range | 0 to 1 | |
Configurable | False | |
Platforms | Supported on all platforms |
last-completed-timestamp string
Description | The date and time when the forwarding complex last completed all datapath programming related to prior ACL configuration changes. | |
Context | acl datapath-programming forwarding-complex slot-id number complex-id number last-completed-timestamp string | |
Tree | last-completed-timestamp | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
programming-complete boolean
Description | Reads false when there are still pending entries to program from prior configuration transactions Reads true when all datapath programming related to all prior ACL configuration changes is complete | |
Context | acl datapath-programming forwarding-complex slot-id number complex-id number programming-complete boolean | |
Tree | programming-complete | |
Configurable | False | |
Platforms | Supported on all platforms |
egress-mac-filtering boolean
Description | Must be set to true in order to apply any MAC ACLs to any subinterface in the egress traffic direction. Internally this sets the following limits: Remember that the number of ACL instances per ACL policy is greater than one if subinterface-specific is set to input-and-output or output-only. A setting of true is blocked if the number of IPv4 ACL instances applied to egress traffic is already greater than 32, or if the number of IPv6 ACL instances applied to egress traffic is already greater than 32. | |
Context | acl egress-mac-filtering boolean | |
Tree | egress-mac-filtering | |
Default | false | |
Configurable | True | |
Platforms | 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
interface interface-id string
Description | List of interfaces and subinterfaces referencing ACL filters. | |
Context | acl interface interface-id string | |
Tree | interface | |
Configurable | True | |
Platforms | Supported on all platforms |
interface-id string
Description | Identifier for the interface or subinterface. | |
Context | acl interface interface-id string | |
Configurable | True | |
Platforms | Supported on all platforms |
input
Description | Container for ACL filters that apply to ingress traffic on the subinterface | |
Context | acl interface interface-id string input | |
Tree | input | |
Configurable | True | |
Platforms | Supported on all platforms |
acl-filter name reference type reference
Description | MAC, IPv4, IPv6 ACL filter(s) to be applied on this subinterface direction On 7220 and 7250 IXR platforms only a single MAC, IPv4 or IPv6 filter is supported. | |
Context | acl interface interface-id string input acl-filter name reference type reference | |
Tree | acl-filter | |
Configurable | True | |
Platforms | Supported on all platforms | |
Max. Elements | 4 |
name reference
Description | Enter the name context | |
Context | acl interface interface-id string input acl-filter name reference type reference | |
Reference | acl acl-filter name | |
Configurable | True | |
Platforms | Supported on all platforms |
type reference
Description | Enter the type context | |
Context | acl interface interface-id string input acl-filter name reference type reference | |
Reference | acl acl-filter type | |
Configurable | True | |
Platforms | Supported on all platforms |
entry sequence-id reference
Description | ACL Filter statistics per entry and per subinterface | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference | |
Tree | entry | |
Configurable | False | |
Platforms | Supported on all platforms |
sequence-id reference
Description | Reference to type entry ID key | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference | |
Reference | acl acl-filter entry sequence-id | |
Configurable | False | |
Platforms | Supported on all platforms |
policer
Description | Policer stats for traffic matching the entry: Statistics under /acl/interfaces for policer configured with scope=subinterface and entry-specific=true, and acl configured with subinterface-specific=input-and-output. | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer | |
Tree | policer | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
statistics
Description | Container for per-entry statistics | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | Supported on all platforms |
incomplete boolean
Description | Returns true when at least one linecard had insufficient stats resources to ensure an accurate set of values for the number of matched packets. | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics incomplete boolean | |
Tree | incomplete | |
Configurable | False | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command performed by the user at this level or a higher level | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
last-match string
Description | The elapsed time since a packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics last-match string | |
Tree | last-match | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
matched-packets number
Description | The number of packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl interface interface-id string input acl-filter name reference type reference entry sequence-id reference statistics matched-packets number | |
Tree | matched-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
statistics
Description | Container for policer scope=subinterface and per-entry-statistics=false statistics | |
Context | acl interface interface-id string input statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
last-clear string
Description | Time of the last clear command performed by the user at this level | |
Context | acl interface interface-id string input statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
policer
Description | Policer stats for traffic matching one or multiple entries: List of ACL policer statistics of scope=subinterface and per-entry-statistics=false, and acl configured with subinterface-specific=false. | |
Context | acl interface interface-id string input statistics policer | |
Tree | policer | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string input statistics policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl interface interface-id string input statistics policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string input statistics policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl interface interface-id string input statistics policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
interface-ref
Description | Reference to an interface or subinterface | |
Context | acl interface interface-id string interface-ref | |
Tree | interface-ref | |
Configurable | True | |
Platforms | Supported on all platforms |
interface reference
Description | Reference to a base interface, for example a port or LAG | |
Context | acl interface interface-id string interface-ref interface reference | |
Tree | interface | |
Reference | interface name string | |
Configurable | True | |
Platforms | Supported on all platforms |
subinterface reference
Description | Reference to a subinterface This requires the base interface to be specified using the interface leaf in this container. | |
Context | acl interface interface-id string interface-ref subinterface reference | |
Tree | subinterface | |
Reference | interface name string subinterface index number | |
Configurable | True | |
Platforms | Supported on all platforms |
output
Description | Container for ACL filters that apply to ingress traffic on the subinterface | |
Context | acl interface interface-id string output | |
Tree | output | |
Configurable | True | |
Platforms | Supported on all platforms |
acl-filter name reference type reference
Description | MAC, IPv4, IPv6 ACL filter(s) to be applied on this subinterface direction On 7220 and 7250 IXR platforms only a single MAC, IPv4 or IPv6 filter is supported. | |
Context | acl interface interface-id string output acl-filter name reference type reference | |
Tree | acl-filter | |
Configurable | True | |
Platforms | Supported on all platforms | |
Max. Elements | 4 |
name reference
Description | Enter the name context | |
Context | acl interface interface-id string output acl-filter name reference type reference | |
Reference | acl acl-filter name | |
Configurable | True | |
Platforms | Supported on all platforms |
type reference
Description | Enter the type context | |
Context | acl interface interface-id string output acl-filter name reference type reference | |
Reference | acl acl-filter type | |
Configurable | True | |
Platforms | Supported on all platforms |
entry sequence-id reference
Description | ACL Filter statistics per entry and per subinterface | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference | |
Tree | entry | |
Configurable | False | |
Platforms | Supported on all platforms |
sequence-id reference
Description | Reference to type entry ID key | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference | |
Reference | acl acl-filter entry sequence-id | |
Configurable | False | |
Platforms | Supported on all platforms |
policer
Description | Policer stats for traffic matching the entry: Statistics under /acl/interfaces for policer configured with scope=subinterface and entry-specific=true, and acl configured with subinterface-specific=input-and-output. | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer | |
Tree | policer | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
statistics
Description | Container for per-entry statistics | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | Supported on all platforms |
incomplete boolean
Description | Returns true when at least one linecard had insufficient stats resources to ensure an accurate set of values for the number of matched packets. | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics incomplete boolean | |
Tree | incomplete | |
Configurable | False | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command performed by the user at this level or a higher level | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
last-match string
Description | The elapsed time since a packet last matched the entry, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics last-match string | |
Tree | last-match | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
matched-packets number
Description | The number of packets matching the entry since it was programmed or since the last clear, considering the mgmt0 subinterface and all subinterfaces of all linecard ports that use the ACL as an input ACL | |
Context | acl interface interface-id string output acl-filter name reference type reference entry sequence-id reference statistics matched-packets number | |
Tree | matched-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
statistics
Description | Container for policer scope=subinterface and per-entry-statistics=false statistics | |
Context | acl interface interface-id string output statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
last-clear string
Description | Time of the last clear command performed by the user at this level | |
Context | acl interface interface-id string output statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
policer
Description | Policer stats for traffic matching one or multiple entries: List of ACL policer statistics of scope=subinterface and per-entry-statistics=false, and acl configured with subinterface-specific=false. | |
Context | acl interface interface-id string output statistics policer | |
Tree | policer | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string output statistics policer conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl interface interface-id string output statistics policer conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl interface interface-id string output statistics policer exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl interface interface-id string output statistics policer exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
policers
policer name string
name string
entry-specific boolean
Description | Controls the instantiation of the policer between filter entries false: one policer instance is created from this template and it is shared by all entries of in the same ACL filter that refer to this policer true: multiple policer instances are created from this template, one for each ACL filter entry that refers to this policer | |
Context | acl policers policer name string entry-specific boolean | |
Tree | entry-specific | |
Default | false | |
Configurable | True | |
Platforms | Supported on all platforms |
max-burst number
peak-rate number
scope keyword
Description | Controls the instantiation of the policer between subinterfaces global: policer is instantiated per direction and shared between ACL, requires filter subinterface-specific disabled subinterface: policer is instantiated per subinterface and per direction, requires filter subinterface-specific input-and-ouput | |
Context | acl policers policer name string scope keyword | |
Tree | scope | |
Default | global | |
Options |
| |
Configurable | True | |
Platforms | 7220 IXR-D1, 7220 IXR-D2, 7220 IXR-D2L, 7220 IXR-D3, 7220 IXR-D3L, 7220 IXR-D4, 7220 IXR-D5 |
statistics
Description | Container for linecard policer statistics. | |
Context | acl policers policer name string statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
aggregate
Description | None of these statistics are populated if the policer is configured as entry-specific=true. If entry-specific=false and subinterface-specific=true, this is sum of all the entries and all the policer templates instantiated for all subintrefaces. If entry-specific=false and subinterface-specific=false, this is sum of all the entries using this policer template. | |
Context | acl policers policer name string statistics aggregate | |
Tree | aggregate | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl policers policer name string statistics aggregate conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl policers policer name string statistics aggregate conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl policers policer name string statistics aggregate exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl policers policer name string statistics aggregate exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
last-clear string
Description | Time of the last clear command that applied to these statistics | |
Context | acl policers policer name string statistics aggregate last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | 7220 IXR-D4, 7220 IXR-D5, 7250 IXR-10, 7250 IXR-10e, 7250 IXR-6, 7250 IXR-6e |
system-cpu-policer name string
Description | List of system CPU policer templates. For each policer in this list one or more policer instances are implemented in the XDP-CPM software and these policer instances process the aggregate of terminating traffic received from all linecards. | |
Context | acl policers system-cpu-policer name string | |
Tree | system-cpu-policer | |
Configurable | True | |
Platforms | Supported on all platforms |
name string
Description | User-defined name of the policer | |
Context | acl policers system-cpu-policer name string | |
String Length | 1 to 255 | |
Configurable | True | |
Platforms | Supported on all platforms |
entry-specific boolean
Description | If set to false, only one policer instance is created from this template and it is shared by all entries of all cpm-filter ACLs that refer to this policer. If set to true, multiple policer instances are created from this template, one for each cpm-filter entry that refers to the policer template. | |
Context | acl policers system-cpu-policer name string entry-specific boolean | |
Tree | entry-specific | |
Default | false | |
Configurable | True | |
Platforms | Supported on all platforms |
max-packet-burst number
Description | The maximum depth of the policer bucket in number of packets | |
Context | acl policers system-cpu-policer name string max-packet-burst number | |
Tree | max-packet-burst | |
Range | 16 to 4000000 | |
Default | 16 | |
Configurable | True | |
Platforms | Supported on all platforms |
peak-packet-rate number
Description | The maximum number of packets per second (bucket empty/fill rate) | |
Context | acl policers system-cpu-policer name string peak-packet-rate number | |
Tree | peak-packet-rate | |
Range | 1 to 4000000 | |
Configurable | True | |
Platforms | Supported on all platforms |
statistics
Description | Container for system CPU policer statistics None of these statistics are populated if the policer is configured as entry-specific=true. | |
Context | acl policers system-cpu-policer name string statistics | |
Tree | statistics | |
Configurable | False | |
Platforms | Supported on all platforms |
conforming-octets number
Description | The number of bytes that were considered conforming by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl policers system-cpu-policer name string statistics conforming-octets number | |
Tree | conforming-octets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
conforming-packets number
Description | The number of packets (actually Ethernet frames) that were considered conforming by the policer | |
Context | acl policers system-cpu-policer name string statistics conforming-packets number | |
Tree | conforming-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
exceeding-octets number
Description | The number of bytes that were considered exceeding by the policer. The byte count includes 18 bytes of Ethernet overhead for every IP packet. | |
Context | acl policers system-cpu-policer name string statistics exceeding-octets number | |
Tree | exceeding-octets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
exceeding-packets number
Description | The number of packets (actually Ethernet frames) that were considered exceeding by the policer | |
Context | acl policers system-cpu-policer name string statistics exceeding-packets number | |
Tree | exceeding-packets | |
Default | 0 | |
Configurable | False | |
Platforms | Supported on all platforms |
last-clear string
Description | Time of the last clear command that applied to these statistics | |
Context | acl policers system-cpu-policer name string statistics last-clear string | |
Tree | last-clear | |
String Length | 20 to 32 | |
Configurable | False | |
Platforms | Supported on all platforms |
tcam-profile keyword
Description | Specify the TCAM resource management profile | |
Context | acl tcam-profile keyword | |
Tree | tcam-profile | |
Options |
| |
Configurable | True | |
Platforms | 7220 IXR-D4, 7220 IXR-D5 |