.. _access_list: access-list =========== Configure Access List access-list Specification ------------------------- ===================================== ==================================================== ===================================== ==================================================== **Type** *Intermediate Resource* **Element Name** access-list **Element URI** /axapi/v3/access-list **Element Attributes** access-list_attributes **Schema** :download:`access-list schema ` ===================================== ==================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/access-list .. raw:: html access-list_attributes .. raw:: html
.. _110_access-list_attributes: access-list attributes ---------------------- **extended-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/access-list/extended/{extd} ` **ipv4** **Description:** ipv4 is a **JSON Block**. Please see below for :ref:`110_ipv4` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/ipv4 ` **ipv6** **Description:** ipv6 is a **JSON Block**. Please see below for :ref:`110_ipv6` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/ipv6 ` **standard-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/access-list/standard/{std} ` **summary** **Description:** summary is a **JSON Block**. Please see below for :ref:`110_summary` **Type:** Object **Reference Object:** :doc:`/axapi/v3/access-list/summary ` .. _110_extended-list: extended-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **extd** **Description** IP extended access list **Type:** number **Range:** 100-199 **rules** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _110_extended-list_rules: extended-list_rules ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **acl-log** **Description** Log matches against this entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **any-code** **Description** Any ICMP code **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any-code icmp-code and special-code are mutually exclusive **any-type** **Description** Any ICMP type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any-type icmp-type and special-type are mutually exclusive **dscp** **Description** DSCP **Type:** number **Range:** 1-63 **dst-any** **Description** Any destination host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** dst-anydst-host, dst-subnet and dst-object-group are mutually exclusive **dst-eq** **Description** Match only packets on a given destination port (port number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-eqdst-gt, dst-lt and dst-range are mutually exclusive **dst-gt** **Description** Match only packets with a greater port number **Type:** number **Range:** 1-65534 **Mutual Exclusion:** dst-gtdst-eq, dst-lt and dst-range are mutually exclusive **dst-host** **Description** A single destination host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** dst-hostdst-any, dst-subnet and dst-object-group are mutually exclusive **dst-lt** **Description** Match only packets with a lesser port number **Type:** number **Range:** 2-65535 **Mutual Exclusion:** dst-ltdst-eq, dst-gt and dst-range are mutually exclusive **dst-mask** **Description** Destination Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **dst-object-group** **Description** Destination network object group name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-object-groupdst-any, dst-host and dst-subnet are mutually exclusive **dst-port-end** **Description** Edning Destination Port Number **Type:** number **Range:** 1-65535 **dst-range** **Description** Match only packets in the range of port numbers (Starting Destination Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-rangedst-eq, dst-gt and dst-lt are mutually exclusive **dst-subnet** **Description** Destination Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** dst-subnetdst-any, dst-host and dst-object-group are mutually exclusive **established** **Description** TCP established **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ethernet** **Description** Ethernet interface (Port number) **Type:** number **Format:** interface **extd-action** **Description** 'deny': Deny; 'permit': Permit; 'l3-vlan-fwd-disable': Disable L3 forwarding between VLANs; **Type:** string **Supported Values:** deny, permit, l3-vlan-fwd-disable **extd-remark** **Description** Access list entry comment (Notes for this ACL) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **extd-seq-num** **Description** Sequence number **Type:** number **Range:** 1-8192 **fragments** **Description** IP fragments **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp** **Description** Internet Control Message Protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** icmptcp, udp, ip and service-obj-group are mutually exclusive **icmp-code** **Description** ICMP code number **Type:** number **Range:** 0-254 **Mutual Exclusion:** icmp-code any-code and special-code are mutually exclusive **icmp-type** **Description** ICMP type number **Type:** number **Range:** 0-254 **Mutual Exclusion:** icmp-type any-type and special-type are mutually exclusive **ip** **Description** Any Internet Protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ipicmp, tcp, udp and service-obj-group are mutually exclusive **service-obj-group** **Description** Service object group (Source object group name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** service-obj-groupicmp, tcp, udp and ip are mutually exclusive **special-code** **Description** 'frag-required': Code 4, fragmentation required; 'host-unreachable': Code 1, destination host unreachable; 'network-unreachable': Code 0, destination network unreachable; 'port-unreachable': Code 3, destination port unreachable; 'proto-unreachable': Code 2, destination protocol unreachable; 'route-failed': Code 5, source route failed; **Type:** string **Supported Values:** frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed **Mutual Exclusion:** special-code any-code and icmp-code are mutually exclusive **special-type** **Description** 'echo-reply': Type 0, echo reply; 'echo-request': Type 8, echo request; 'info-reply': Type 16, information reply; 'info-request': Type 15, information request; 'mask-reply': Type 18, address mask reply; 'mask-request': Type 17, address mask request; 'parameter-problem': Type 12, parameter problem; 'redirect': Type 5, redirect message; 'source-quench': Type 4, source quench; 'time-exceeded': Type 11, time exceeded; 'timestamp': Type 13, timestamp; 'timestamp-reply': Type 14, timestamp reply; 'dest-unreachable': Type 3, destination unreachable; **Type:** string **Supported Values:** echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable **Mutual Exclusion:** special-type icmp-type and any-type are mutually exclusive **src-any** **Description** Any source host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** src-anysrc-host, src-subnet and src-object-group are mutually exclusive **src-eq** **Description** Match only packets on a given source port (port number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-eqsrc-gt, src-lt and src-range are mutually exclusive **src-gt** **Description** Match only packets with a greater port number **Type:** number **Range:** 1-65534 **Mutual Exclusion:** src-gtsrc-eq, src-lt and src-range are mutually exclusive **src-host** **Description** A single source host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** src-hostsrc-any, src-subnet and src-object-group are mutually exclusive **src-lt** **Description** Match only packets with a lower port number **Type:** number **Range:** 2-65535 **Mutual Exclusion:** src-ltsrc-eq, src-gt and src-range are mutually exclusive **src-mask** **Description** Source Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **src-object-group** **Description** Network object group (Source network object group name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-object-groupsrc-any, src-host and src-subnet are mutually exclusive **src-port-end** **Description** Ending Port Number **Type:** number **Range:** 1-65535 **src-range** **Description** match only packets in the range of port numbers (Starting Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-rangesrc-eq, src-gt and src-lt are mutually exclusive **src-subnet** **Description** Source Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** src-subnetsrc-any, src-host and src-object-group are mutually exclusive **tcp** **Description** protocol TCP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** tcpicmp, udp, ip and service-obj-group are mutually exclusive **transparent-session-only** **Description** Only log transparent sessions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **trunk** **Description** Ethernet trunk (trunk number) **Type:** number **Format:** interface **udp** **Description** protocol UDP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** udpicmp, tcp, ip and service-obj-group are mutually exclusive **vlan** **Description** VLAN ID **Type:** number **Range:** 1-4094 .. _110_summary: summary ^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _110_ipv4: ipv4 ^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _110_standard-list: standard-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **std** **Description** IP standard access list **Type:** number **Range:** 1-99 **stdrules** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _110_standard-list_stdrules: standard-list_stdrules ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'deny': Deny; 'permit': Permit; 'l3-vlan-fwd-disable': Disable L3 forwarding between VLANs; **Type:** string **Supported Values:** deny, permit, l3-vlan-fwd-disable **any** **Description** Any source host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** any host and subnet are mutually exclusive **host** **Description** A single source host (Host address) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** host any and subnet are mutually exclusive **log** **Description** Log matches against this entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rev-subnet-mask** **Description** Network Mask 0=apply 255=ignore **Type:** string **Format:** ipv4-rev-netmask **seq-num** **Description** Sequence number **Type:** number **Range:** 1-8192 **std-remark** **Description** Access list entry comment (Notes for this ACL) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **subnet** **Description** Source Address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** subnet any and host are mutually exclusive **transparent-session-only** **Description** Only log transparent sessions **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _110_ipv6: ipv6 ^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters