ipv4acl:ACE

IPv4 access-list entry

Telemetry Sensor Path(s)

Configurable Properties
PROPERTY NAME DATA TYPE DESCRIPTION PERMITTED VALUES
ack scalar:Bool
tcp ack SELECTION: true or false
action acl:ActionType
(scalar:Enum8)
Specify packets to forward or reject SELECTION:
0 - invalid
1 - permit
2 - deny
DEFAULT: invalid
captureSession acl:CaptureSes
(scalar:Uint16)
capture session
RANGE: [0 , 48]
DEFAULT: invalid
dscp scalar:UByte
dscp
RANGE: [0 , 63]
dscpMask scalar:UByte
dscpMask
RANGE: [0 , 63]
dstAddrGroup acl:Name
(string:Basic)
Destination address group
MAX SIZE: 63
dstPort1 acl:PortNumber
(scalar:Uint16)
First destination port number SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
dstPort2 acl:PortNumber
(scalar:Uint16)
Second destination port number SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
dstPortGroup acl:Name
(string:Basic)
Destination port group
MAX SIZE: 63
dstPortMask acl:PortNumber
(scalar:Uint16)
Destination Port Mask SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
dstPortOp acl:Operator
(scalar:Enum8)
Destination port operator SELECTION:
0 - none
4 - lt
5 - gt
6 - eq
7 - neq
8 - range
DEFAULT: none
dstPrefix ipv4acl:IPv4Prefix
(address:IPv4)
Destination IPv4 prefix Value must match ipv4 format
dstPrefixLength ipv4acl:IPv4PrefixLen
(scalar:UByte)
Destination IPv4 prefix length
RANGE: [0 , 32]
DEFAULT: 0
dstPrefixMask ipv4acl:IPv4PrefixMask
(address:IPv4)
Destination IPv4 prefix mask Value must match ipv4 format
est scalar:Bool
tcp est SELECTION: true or false
fin scalar:Bool
tcp fin SELECTION: true or false
fragment scalar:Bool
Non-initial fragment SELECTION: true or false
httpOption acl:HttpOptionType
(scalar:Enum8)
http option http-method SELECTION:
0 - invalid
1 - get
2 - put
3 - head
4 - post
5 - delete
6 - trace
7 - connect
DEFAULT: invalid
icmpCode ipv4acl:ICMPCode
(scalar:Uint16)
ICMP code
RANGE: [0 , 256]
DEFAULT: 256
icmpStr ipv4acl:ICMPEnum
(scalar:Uint16)
ICMP type SELECTION:
0 - echo-reply
1 - unreachable
2 - net-unreachable
3 - host-unreachable
4 - dod-host-prohibited
5 - net-tos-unreachable
6 - host-tos-unreachable
7 - administratively-prohibited
8 - host-precedence-unreachable
9 - precedence-unreachable
10 - protocol-unreachable
11 - port-unreachable
12 - packet-too-big
13 - source-route-failed
14 - network-unknown
15 - host-unknown
16 - host-isolated
17 - dod-net-prohibited
18 - source-quench
19 - redirect
20 - net-redirect
21 - host-redirect
22 - net-tos-redirect
23 - host-tos-redirect
24 - alternate-address
25 - echo
26 - router-advertisement
27 - router-solicitation
28 - time-exceeded
29 - ttl-exceeded
30 - reassembly-timeout
31 - parameter-problem
32 - general-parameter-problem
33 - option-missing
34 - no-room-for-option
35 - timestamp-request
36 - timestamp-reply
37 - information-request
38 - information-reply
39 - mask-request
40 - mask-reply
41 - traceroute
42 - conversion-error
43 - mobile-redirect
DEFAULT: 256
icmpType ipv4acl:ICMPType
(scalar:Uint16)
ICMP type
RANGE: [0 , 256]
DEFAULT: 256
igmpType ipv4acl:IGMPType
(scalar:UByte)
IGMP type
RANGE: [0 , 16]
DEFAULT: 16
logging scalar:Bool
Log matches against ACL entry SELECTION: true or false
DEFAULT: false
pktLen1 acl:PktLen
(scalar:Uint16)
first packet length
RANGE: [19 , 9210]
DEFAULT: invalid
pktLen2 acl:PktLen
(scalar:Uint16)
second packet length
RANGE: [19 , 9210]
DEFAULT: invalid
pktLenOp acl:Operator
(scalar:Enum8)
packet length operator SELECTION:
0 - none
4 - lt
5 - gt
6 - eq
7 - neq
8 - range
DEFAULT: none
precedence ipv4acl:Precedence
(scalar:UByte)
IPv4 precedence
RANGE: [0 , 8]
DEFAULT: 8
protocol ipv4acl:Protocol
(scalar:UByte)
Protocol for access-list entry SELECTION:
0 - ip
1 - icmp
2 - igmp
6 - tcp
17 - udp
47 - gre
50 - esp
51 - ahp
88 - eigrp
89 - ospf
94 - nos
103 - pim
108 - pcp
254 - udf
DEFAULT: 255
protocolMask ipv4acl:Protocol
(scalar:UByte)
Defines the Protocol Mask SELECTION:
0 - ip
1 - icmp
2 - igmp
6 - tcp
17 - udp
47 - gre
50 - esp
51 - ahp
88 - eigrp
89 - ospf
94 - nos
103 - pim
108 - pcp
254 - udf
DEFAULT: 255
psh scalar:Bool
tcp psh SELECTION: true or false
redirect string:Basic
Redirect action
RANGE: [0 , 576]
remark acl:RemarkStr
(string:Basic)
Access-list entry comment
MAX SIZE: 99
rev scalar:Bool
tcp reversed SELECTION: true or false
rst scalar:Bool
tcp rst SELECTION: true or false
seqNum acl:SequenceNumber
(scalar:Uint32)
Sequence number
RANGE: [0 , 4294967295]
srcAddrGroup acl:Name
(string:Basic)
Source address group
MAX SIZE: 63
srcPort1 acl:PortNumber
(scalar:Uint16)
First source port SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
srcPort2 acl:PortNumber
(scalar:Uint16)
Second source port SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
srcPortGroup acl:Name
(string:Basic)
Source port group
MAX SIZE: 63
srcPortMask acl:PortNumber
(scalar:Uint16)
Defines the Source Port Mask SELECTION:
7 - echo
9 - discard
13 - daytime
19 - chargen
20 - ftp-data
21 - ftp
23 - telnet
25 - smtp
37 - time
42 - nameserver
43 - whois
49 - tacacs
53 - domain
67 - bootps
68 - bootpc
69 - tftp
70 - gopher
79 - finger
80 - www
101 - hostname
109 - pop2
110 - pop3
111 - sunrpc
113 - ident
119 - nntp
123 - ntp
137 - netbios-ns
138 - netbios-dgm
139 - netbios-ss
161 - snmp
162 - snmptrap
177 - xdmcp
179 - bgp
194 - irc
195 - dnsix
434 - mobile-ip
496 - pim-auto-rp
500 - isakmp
512 - biff
512 - exec
513 - who
513 - login
514 - syslog
514 - cmd
515 - lpd
517 - talk
520 - rip
540 - uucp
543 - klogin
544 - kshell
3949 - drip
4500 - non500-isakmp
DEFAULT: 0
srcPortOp acl:Operator
(scalar:Enum8)
Source port operator SELECTION:
0 - none
4 - lt
5 - gt
6 - eq
7 - neq
8 - range
DEFAULT: none
srcPrefix ipv4acl:IPv4Prefix
(address:IPv4)
Source IPv4 prefix Value must match ipv4 format
srcPrefixLength ipv4acl:IPv4PrefixLen
(scalar:UByte)
Source IPv4 prefix length
RANGE: [0 , 32]
DEFAULT: 0
srcPrefixMask ipv4acl:IPv4PrefixMask
(address:IPv4)
Source IPv4 prefix mask Value must match ipv4 format
syn scalar:Bool
tcp syn SELECTION: true or false
tcpFlagsMask acl:TcpFlagsMask
(scalar:UByte)
tcp flags mask
RANGE: [0 , 64]
DEFAULT: invalid
tcpOptionLength acl:TcpOptionLengthType
(scalar:Uint32)
TCP options length
RANGE: [0 , 41]
DEFAULT: invalid
telemetryPath scalar:Bool
telemetry path action SELECTION: true or false
telemetryQueue scalar:Bool
telemetry queue action SELECTION: true or false
timeRange acl:Name
(string:Basic)
time range name
MAX SIZE: 63
tos ipv4acl:Tos
(scalar:UByte)
capture session
RANGE: [0 , 15]
DEFAULT: 0
ttl scalar:UByte
TTL Operator RANGE: [0, 255]
urg scalar:Bool
tcp urg SELECTION: true or false
vlan acl:VlanType
(scalar:Uint32)
vlan
RANGE: [0 , 4095]
DEFAULT: 4095
vni acl:VniType
(scalar:Uint32)
nve vni ID
RANGE: [0 , 16777216]
DEFAULT: invalid

Operational Properties
PROPERTY NAME DATA TYPE DESCRIPTION POSSIBLE VALUES
configStatus acl:ConfigState
(scalar:UByte)
config status SELECTION:
0 - configSuccess
1 - configError
DEFAULT: 0
packets scalar:Uint64
Number of packets hitting ACE RANGE: [0, 18446744073709551615]

Internal Properties
PROPERTY NAME DATA TYPE DESCRIPTION POSSIBLE VALUES
modTs mo:TStamp
(scalar:Date)
The time when this object was last modified. SELECTION:
0 - never
DEFAULT: never
status mo:ModificationStatus
(scalar:Bitmask32)
The upgrade status. This property is for internal use only. SELECTION:
2 - created
4 - modified
8 - deleted
16 - replaced