N Commands

name-lookup

[no] name-lookup

Syntax Description

no

(Optional) Negate a command or set its defaults

name-lookup

Enable Name Lookup for OSPFv3 Neighbors

Command Mode

  • /exec/configure/router-ospf3 /exec/configure/router-ospf3/vrf

name-lookup

[no] name-lookup

Syntax Description

no

(Optional) Negate a command or set its defaults

name-lookup

Display OSPF router ids as DNS names

Command Mode

  • /exec/configure/router-ospf /exec/configure/router-ospf/vrf

name

name <vlan-name> | no name

Syntax Description

no

Negate a command or set its defaults

name

Ascii name of the VLAN

vlan-name

The ascii name for the VLAN

Command Mode

  • /exec/configure/vlan

name

name <name-val> | no name [ <name-val> ]

Syntax Description

no

Negate a command or set its defaults

name

Set configuration name

name-val

Configuration name

Command Mode

  • /exec/configure/spanning-tree/mst/configuration

name

name [ <name> ] | no name

Syntax Description

no

Negate a command or set its defaults

name

Redundancy name string

name

(Optional) name string

Command Mode

  • /exec/configure/if-eth-any/hsrp_ipv4 /exec/configure/if-eth-any/hsrp_ipv6

nat destination

{ nat destination } | { no nat destination }

Syntax Description

no

Negate a command or set its defaults

nat

Network Address Translation

destination

Destination NAT

Command Mode

  • /exec/configure/itd

nbm bandwidth unicast

nbm bandwidth unicast <percentage> | no nbm bandwidth unicast

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

bandwidth

percentage of bandwidth set aside other than multicast

unicast

unicast

percentage

percentage value. 0 means no reservation for unicast on this link

Command Mode

  • /exec/configure/if-igp

nbm external-link

[no] nbm external-link

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

external-link

link connected to external router. Configuring this will flap the interface

Command Mode

  • /exec/configure/if-igp

nbm flow-definition

[no] nbm flow-definition <group> [ <source> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow-definition

Define a multicast flow

group

Multicast Group Address

source

(Optional) Source IP address to use

Command Mode

  • /exec/configure

nbm flow-definition

[no] nbm flow-definition <group> [ <source> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow-definition

Define a multicast flow

group

Multicast Group Address

source

(Optional) Source IP address to use

Command Mode

  • /exec/configure/nbm-vrf

nbm flow-policy

[no] nbm flow-policy

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow-policy

Flow Policy Characteristics

Command Mode

  • /exec/configure/nbm-vrf

nbm flow-policy

[no] nbm flow-policy

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow-policy

Flow Policy Characteristics

Command Mode

  • /exec/configure

nbm flow asm range

[no] nbm flow asm range <group> +

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

asm

Any-Source Multicast (ASM) groups

range

Configure explicit group ranges

group

List of group range prefixes

Command Mode

  • /exec/configure

nbm flow asm range

[no] nbm flow asm range <group> +

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

asm

Any-Source Multicast (ASM) groups

range

Configure explicit group ranges

group

List of group range prefixes

Command Mode

  • /exec/configure/nbm-vrf

nbm flow bandwidth immediate-recovery

[no] nbm flow bandwidth immediate-recovery

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

bandwidth

Bandwidth per flow

immediate-recovery

Free up used BW immediately on last OIF removal

Command Mode

  • /exec/configure/nbm-vrf

nbm flow bandwidth immediate-recovery

[no] nbm flow bandwidth immediate-recovery

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

bandwidth

Bandwidth per flow

immediate-recovery

Free up used BW immediately on last OIF removal

Command Mode

  • /exec/configure

nbm flow bandwidth kbps mbps gbps

{ nbm flow bandwidth { <val_kbps> kbps | <val_mbps> mbps | <val_gbps> gbps } } | { no nbm flow bandwidth }

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

bandwidth

Bandwidth per flow

val_kbps

Per Flow Bandwidth in Kbps

kbps

Bandwidth value in Kbps

val_mbps

Per Flow Bandwidth in Mbps

mbps

Bandwidth value in Mbps

val_gbps

Per Flow Bandwidth in Gbps

gbps

Bandwidth value in Gbps

Command Mode

  • /exec/configure

nbm flow bandwidth kbps mbps gbps

{ nbm flow bandwidth { <val_kbps> kbps | <val_mbps> mbps | <val_gbps> gbps } } | { no nbm flow bandwidth }

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

bandwidth

Bandwidth per flow

val_kbps

Per Flow Bandwidth in Kbps

kbps

Bandwidth value in Kbps

val_mbps

Per Flow Bandwidth in Mbps

mbps

Bandwidth value in Mbps

val_gbps

Per Flow Bandwidth in Gbps

gbps

Bandwidth value in Gbps

Command Mode

  • /exec/configure/nbm-vrf

nbm flow dscp

{ nbm flow dscp <val_dscp> } | { no nbm flow dscp }

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

dscp

DSCP for the flow

val_dscp

Integer value

Command Mode

  • /exec/configure/nbm-vrf

nbm flow dscp

{ nbm flow dscp <val_dscp> } | { no nbm flow dscp }

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

dscp

DSCP for the flow

val_dscp

Integer value

Command Mode

  • /exec/configure

nbm flow policer

[no] nbm flow policer

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

policer

Flow rate limiter installed in hardware

Command Mode

  • /exec/configure

nbm flow policer

[no] nbm flow policer

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

policer

Flow rate limiter installed in hardware

Command Mode

  • /exec/configure/nbm-vrf

nbm flow reserve-bandwidth receiver-only

[no] nbm flow reserve-bandwidth receiver-only

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

reserve-bandwidth

Reserve bandwidth

receiver-only

Configure explicit group ranges to restrict reserve bandwidth on receiver only

Command Mode

  • /exec/configure/nbm-vrf

nbm flow reserve-bandwidth receiver-only

[no] nbm flow reserve-bandwidth receiver-only

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

flow

Flow Characteristics

reserve-bandwidth

Reserve bandwidth

receiver-only

Configure explicit group ranges to restrict reserve bandwidth on receiver only

Command Mode

  • /exec/configure

nbm host-policy

[no] nbm host-policy

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

host-policy

NBM SW Host Admission Policy

Command Mode

  • /exec/configure

nbm host-policy

[no] nbm host-policy

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

host-policy

NBM SW Host Admission Policy

Command Mode

  • /exec/configure/nbm-vrf

nbm mode pim

nbm mode { pim-active | pim-passive } [ __readonly__ <output> ]

Syntax Description

nbm

Non Blocking Multicast

mode

Set pmn mode

pim-active

Bandwidth engine running in fabric

pim-passive

API driven flow stitching

__readonly__

(Optional)

output

(Optional)

Command Mode

  • /exec/configure /exec/configure/nbm-vrf

nbm reserve unicast fabric bandwidth

nbm reserve unicast fabric bandwidth <percentage> | no nbm reserve unicast fabric bandwidth

Syntax Description

no

Negate a command or set its defaults

nbm

Non Blocking Multicast

reserve

reserve bandwidth

unicast

unicast

fabric

fabric

bandwidth

percentage of bandwidth for unicast flow

percentage

percentage value

Command Mode

  • /exec/configure /exec/configure/nbm-vrf

nbm vrf

[no] nbm vrf <vrf-name>

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

vrf

Display per-VRF information

vrf-name

VRF name

Command Mode

  • /exec/configure

nbm vrf default

[no] nbm vrf default

Syntax Description

no

(Optional) Negate a command or set its defaults

nbm

Non Blocking Multicast

vrf

Display per-VRF information

default

Default VRF

Command Mode

  • /exec/configure /exec/configure/nbm-vrf

negotiate auto

negotiate auto | no negotiate auto

Syntax Description

no

Negate a command or set its defaults

negotiate

Configure link negotiation parameters

auto

Configure auto-negotiation

Command Mode

  • /exec/configure/if-ethernet-all /exec/configure/if-eth-non-member /exec/configure/if-port-channel

negotiate auto 25000

[no] negotiate auto 25000

Syntax Description

no

(Optional) Negate a command or set its defaults

negotiate

Configure link negotiation parameters

auto

Configure auto-negotiation

25000

Force auto-negotiate to only 25000 and change fec to auto

Command Mode

  • /exec/configure/if-ethernet-all /exec/configure/if-eth-non-member /exec/configure/if-port-channel

neighbor-down fib-accelerate

[no] neighbor-down fib-accelerate

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor-down

Handle BGP neighbor down event, due to various reasons

fib-accelerate

Accelerate the hardware updates for IP/IPv6 adjacencies for neighbor

Command Mode

  • /exec/configure/router-bgp/vrf-cmds

neighbor

[no] neighbor { <neighbor-prefix> | <ipv6-neighbor-prefix> } [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-prefix

IP prefix for neighbors

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match prefix peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp/router-bgp-vrf

neighbor

neighbor [ vrf { <vrf-name> | <vrf-known-name> } ] <ipaddr> { implicit-withdraw | labels accept <pfx-list> | targeted } | no neighbor [ vrf { <vrf-name> | <vrf-known-name> } ] <ipaddr> [ implicit-withdraw | labels accept | targeted ]

Syntax Description

no

Negate a command or set its defaults

neighbor

Configure neighbor parameters

vrf

(Optional) VRF Routing/Forwarding instance information

vrf-name

(Optional) VPN Routing/Forwarding instance name

vrf-known-name

(Optional) Known VRF name

ipaddr

IP address for LDP neighbor

implicit-withdraw

Enable LDP Implicit Withdraw Label

labels

Configure label binding exchange controls

accept

Specify label bindings to accept

pfx-list

Name of prefix list

targeted

Establish targeted session

Command Mode

  • /exec/configure/ldp

neighbor

[no] neighbor { <neighbor-id> | <ipv6-neighbor-id> } [ remote-as <asn> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-id

IP address of the neighbor

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

Command Mode

  • /exec/configure/router-bgp

neighbor

[no] neighbor { <neighbor-id> | <ipv6-neighbor-id> } [ remote-as <asn> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-id

IP address of the neighbor

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

Command Mode

  • /exec/configure/router-bgp/router-bgp-vrf

neighbor

[no] neighbor { <neighbor-prefix> | <ipv6-neighbor-prefix> } [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

neighbor-prefix

IP prefix for neighbors

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match prefix peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp

neighbor

[no] neighbor <interface> [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

interface

Interface name for BGP interface peering

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match interface peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp

neighbor

[no] neighbor <interface> [ remote-as [ <asn> | route-map <rmap-name> ] ]

Syntax Description

no

(Optional) Negate a command or set its defaults

neighbor

Configure a BGP neighbor

interface

Interface name for BGP interface peering

remote-as

(Optional) Specify Autonomous System Number of the neighbor

asn

(Optional) Autonomous System Number

route-map

(Optional) Route-map to match interface peer AS number

rmap-name

(Optional) Route-map name

Command Mode

  • /exec/configure/router-bgp/router-bgp-vrf

nemo config address port interval

[no] nemo config address <ip_address> port <portnum> interval <interval-num>

Syntax Description

no

(Optional) Negate a command or set its defaults

nemo

Nemo switch onboarding enabler

config

Configure Nemo for switch onboarding

address

IP address of the Nemo platform

ip_address

IP Address

port

Port number of the Nemo platform

portnum

Port number

interval

Config interval in millisecond

interval-num

Config interval in millisecond

Command Mode

  • /exec/configure

net

[no] net <net>

Syntax Description

no

(Optional) Negate a command or set its defaults

net

Configure Network Entity Title for IS-IS

net

NET in form of XX.XXXX. ... .XXXX[.00]

Command Mode

  • /exec/configure/otv-isis

net

[no] net <net>

Syntax Description

no

(Optional) Negate a command or set its defaults

net

Configure Network Entity Title for IS-IS

net

NET in form of XX.XXXX. ... .XXXX[.00]

Command Mode

  • /exec/configure/router-isis/router-isis-vrf-common

network

[no] network { <ip-addr> mask <ip-mask> | <ip-prefix> } [ route-map <rmap-name> | summarize | evpn ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Configure an IP prefix to advertise

ip-addr

IP network to advertise

mask

Configure the mask of the IP prefix to advertise

ip-mask

Dotted 4-octet mask

ip-prefix

IP prefix in CIDR format

route-map

(Optional) Apply route-map to modify attributes

rmap-name

(Optional) Route-map name

summarize

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

evpn

(Optional) Only advertise route towards evpn side

Command Mode

  • /exec/configure/router-bgp/router-bgp-af-ipv4 /exec/configure/router-bgp/router-bgp-vrf-af-ipv4

network

[no] network <ipv6-prefix> [ route-map <rmap-name> | summarize ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

network

Configure an IPv6 prefix to advertise

route-map

(Optional) Apply route-map to modify attributes

rmap-name

(Optional) Route-map name

summarize

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

Command Mode

  • /exec/configure/router-bgp/router-bgp-af-ipv6 /exec/configure/router-bgp/router-bgp-vrf-af-ipv6

next-hop-self

[ no | default ] next-hop-self [ all ]

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-self

Set our address as nexthop (non-reflected)

all

(Optional) Set our address as nexthop for all routes

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-label /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-vpnv4 /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-vpnv6 /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-mdt

next-hop-third-party

[ no | default ] next-hop-third-party

Syntax Description

no

(Optional) Negate a command or set its defaults

default

(Optional) Inherit values from a peer template

next-hop-third-party

Compute a third-party nexthop if possible

Command Mode

  • /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-label /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv6-label /exec/configure/router-bgp/router-bgp-neighbor/router-bgp-neighbor-af-ipv4-mdt

nexthop route-map

[no] nexthop route-map <rmap-name>

Syntax Description

no

(Optional) Negate a command or set its defaults

nexthop

Nexthop tracking

route-map

Route map for valid nexthops

rmap-name

Route-map name

Command Mode

  • /exec/configure/router-bgp/router-bgp-af /exec/configure/router-bgp/router-bgp-af-l2vpn-evpn /exec/configure/router-bgp/router-bgp-af-link-state /exec/configure/router-bgp/router-bgp-af-ipv4-mvpn /exec/configure/router-bgp/router-bgp-af-ipv6-mvpn /exec/configure/router-bgp/router-bgp-af-ipv4-mdt /exec/configure/router-bgp/router-bgp-af-l2vpn-vpls

nexthop suppress-default-resolution

[no] nexthop suppress-default-resolution

Syntax Description

no

(Optional) Negate a command or set its defaults

nexthop

Nexthop resolution options

suppress-default-resolution

Prohibit use of default route for nexthop address resolution

Command Mode

  • /exec/configure/router-bgp

nexthop trigger-delay critical non-critical

{ nexthop trigger-delay critical <criticaldelay> non-critical <noncriticaldelay> } | { no nexthop trigger-delay }

Syntax Description

no

Negate a command or set its defaults

nexthop

Nexthop tracking

trigger-delay

Set the delay to trigger nexthop tracking

critical

Nexthop changes affecting reachability

non-critical

Other nexthop changes

noncriticaldelay

Delay value (miliseconds)

criticaldelay

Delay value (miliseconds)

Command Mode

  • /exec/configure/router-bgp/router-bgp-af /exec/configure/router-bgp/router-bgp-af-ipv4-mdt /exec/configure/router-bgp/router-bgp-af-vpnv4 /exec/configure/router-bgp/router-bgp-af-vpnv6 /exec/configure/router-bgp/router-bgp-af-link-state /exec/configure/router-bgp/router-bgp-af-l2vpn-vpls /exec/configure/router-bgp/router-bgp-af-ipv4-mvpn /exec/configure/router-bgp/router-bgp-af-ipv6-mvpn /exec/configure/router-bgp/router-bgp-af-l2vpn-evpn

ngoam authentication-key

{ ngoam authentication-key <value> } | { no ngoam authentication-key [ <value> ] }

Syntax Description

no

Negate a command or set its defaults

ngoam

Configure ngoam

authentication-key

Ngoam authentication-key

value

authentication key

Command Mode

  • /exec/configure

ngoam connect-check

[no] ngoam connect-check <id>

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

connect-check

Configure ngoam oam connectivity check

id

connect check id

Command Mode

  • /exec/configure

ngoam install acl

[no] ngoam install acl

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

install

Ngoam install

acl

Ngoam install acl

Command Mode

  • /exec/configure

ngoam loop-detection

[no] ngoam loop-detection

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

loop-detection

Configure Loop Detection

Command Mode

  • /exec/configure

ngoam loop-detection bringup vlan

ngoam loop-detection bringup { vlan <vlan-range> } [ port <port-range> ]

Syntax Description

ngoam

Configure ngoam

loop-detection

Configure Loop Detection

bringup

Bringup the ports,if disabled

vlan

Vlan

port

(Optional) Ports to bringup if disabled

vlan-range

vlan range max span 1024, Example: 2000-3000,400,500

port-range

(Optional) Interface for loop detection

Command Mode

  • /exec

ngoam loop-detection probe vlan

ngoam loop-detection probe { vlan <vlan-range> } [ port <port-range> ]

Syntax Description

ngoam

Configure ngoam

loop-detection

Configure Loop Detection

probe

Probe for loop detection

vlan

Start probing on vlan for loop detection

port

(Optional) start probing on port for loop detection

vlan-range

vlan range max span 1024, Example: 2000-3000,400,500

port-range

(Optional) Interface for loop detection

Command Mode

  • /exec

ngoam profile

[no] ngoam profile <profile-id>

Syntax Description

no

(Optional) Negate a command or set its defaults

ngoam

Configure ngoam

profile

Configure ngoam oam profile

profile-id

ngoam profile id

Command Mode

  • /exec/configure

ngoam xconnect hb-interval

{ ngoam xconnect hb-interval <ms> } | { no ngoam xconnect hb-interval [ <ms> ] }

Syntax Description

no

Negate a command or set its defaults

ngoam

Configure ngoam

xconnect

Configure xconnect parameters

hb-interval

Configure xconnect heartbeat interval

ms

interval in ms, 3 failures triggers failure default is 190

Command Mode

  • /exec/configure

no-more

| no-more

Syntax Description

|

Pipe command output to filter

no-more

Turn-off pagination for command output

Command Mode

  • /output

no

{ [ <seqno> ] | no } <permitdeny> { { ethertype <ethertypeid> } | { <proto_udp> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] [ nve vni <vni-id> ] } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } } [ nve vni <vni-id> ] } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + { { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] # 2369 ../feature/acl_mgr/cli/aclmgr.cmd [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_udp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) UDP port

src_port1

(Optional) Port number

src_port1_str

(Optional) UDP port

src_port2

(Optional) Port number

src_port2_str

(Optional) UDP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) UDP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) UDP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) UDP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

tos

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_num

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_str

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

nve

(Optional) VNI ID <0-16777215>

vni

(Optional) VNI ID <0-16777215>

vni-id

(Optional) VNI ID <0-16777215>

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/arpacl /exec/configure/ipgroup /exec/configure/ipv6group /exec/configure/portgroup /exec/configure/timerange

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/macacl

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/mplsacl

no

[no] <seqno>

Syntax Description

no

Negate a command or set its defaults

seqno

Sequence number

Command Mode

  • /exec/configure/ipacl /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> { { { { ethertype <ethertypeid> } | { { ip | <proto> | <ip_other_proto> } { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } [ capture session <session-id> ] } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } | { udf { <udf_name> <udf_val> <udf_mask> } + } } { [ <action> <actionid> ] } + [ log ] | { [ <action> <actionid> ] } + [ telemetry_queue ] | { [ <action> <actionid> ] } + [ telemetry_path ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

ip

Any IP protocol

proto

A protocol number

ip_other_proto

ip_other_proto

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

tos

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_num

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_str

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { ethertype <ethertypeid> } | { <proto_tcp> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { http-method { <opt_num> | <opt_str> } } | { tcp-option-length <tcp_opt_len> } | { tcp-flags-mask <tcp_flags_mask> } | { ttl <ttl_num> } ] } + | { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + | { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } | { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } } } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + { { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { http-method { <opt_num> | <opt_str> } } | { tcp-option-length <tcp_opt_len> } | { tcp-flags-mask <tcp_flags_mask> } | { ttl <ttl_num> } ] } + | { [ urg | ack | psh | rst | syn | fin | established | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_tcp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) TCP port

src_port1

(Optional) Port number

src_port1_str

(Optional) TCP port

src_port2

(Optional) Port number

src_port2_str

(Optional) TCP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) TCP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) TCP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) TCP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

tos

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_num

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_str

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

tcp-option-length

(Optional) Specify TCP Options size

tcp_opt_len

(Optional) TCP option length (multiples of 4 bytes)

tcp-flags-mask

(Optional) Specify TCP Flags

tcp_flags_mask

(Optional) TCP flags mask

http-method

(Optional) Match packets based on http-method

opt_num

(Optional) http_option value

opt_str

(Optional) http_option_param

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

urg

(Optional) Match on the URG bit

ack

(Optional) Match on the ACK bit

psh

(Optional) Match on the PSH bit

rst

(Optional) Match on the RST bit

syn

(Optional) Match on the SYN bit

fin

(Optional) Match on the FIN bit

established

(Optional) Match established connections

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> <proto_igmp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <igmp_num> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <igmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <igmp_num> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <igmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } } [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_igmp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

tos

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_num

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_str

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

igmp_num

(Optional) IGMPv1 message type

igmp_str

(Optional) IGMP type

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { { ethertype <ethertypeid> } | { <proto_icmp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | { <icmp_type> [ <icmp_code> ] } | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <icmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | { <icmp_type> [ <icmp_code> ] } | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + | [ [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | <icmp_str> | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { ttl <ttl_num> } ] } + | { [ [ fragments ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } | { tos { <tos_num> | <tos_str> } } | { precedence { <prec_num> | <prec_str> } } | { ttl <ttl_num> } ] } + } } } } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <action> <actionid> ] } + [ log ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ethertype

Configure match based on ethertype

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

ethertypeid

Configure the ethertype value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

proto_icmp

Protocol

src_any

Any

src_addr

Source network address

src_wild

Source wildcard bits

src_prefix

Source network prefix

src_key_host

A single source host

src_host

Source address

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_addr

Destination network address

dst_wild

Destination wildcard bits

dst_prefix

Destination network prefix

dst_key_host

A single destination host

dst_host

Destination address

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

tos

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_num

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

tos_str

THIS KEYWORD OR VARIABLE IS NOT SUPPORTED

precedence

(Optional) Match packets with given precedence value

prec_num

(Optional) Precedence value

prec_str

(Optional) Precedence label

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

ttl

(Optional) Match Packets with a given TTL value

ttl_num

(Optional)

icmp_type

(Optional) ICMP message type

icmp_code

(Optional) ICMP message code

icmp_str

(Optional) ICMP label

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

action

(Optional) Action

actionid

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipacl

no

{ [ <seqno> ] | no } <permitdeny> { { ipv6 | <proto> | <ipv6_other_proto> } { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] } [ log ] | { udf { <udf_name> <udf_val> <udf_mask> } + } }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

ipv6

Any IPV6 protocol

proto

A protocol number

ipv6_other_proto

ipv6_other_proto

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_tcp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] | [ { flow-label <flow_num> } ] | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | [ urg | ack | psh | rst | syn | fin | established ] | { tcp-flags-mask <tcp_flags_mask> } | [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_tcp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) TCP port

src_port1

(Optional) Port number

src_port1_str

(Optional) TCP port

src_port2

(Optional) Port number

src_port2_str

(Optional) TCP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) TCP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) TCP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) TCP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

tcp-flags-mask

Specify TCP Flags

tcp_flags_mask

TCP flags mask

urg

(Optional) Match on the URG bit

ack

(Optional) Match on the ACK bit

psh

(Optional) Match on the PSH bit

rst

(Optional) Match on the RST bit

syn

(Optional) Match on the SYN bit

fin

(Optional) Match on the FIN bit

established

(Optional) Match established connections

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_udp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } [ nve vni <vni-id> ] | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ nve vni <vni-id> ] [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_udp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) UDP port

src_port1

(Optional) Port number

src_port1_str

(Optional) UDP port

src_port2

(Optional) Port number

src_port2_str

(Optional) UDP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) UDP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) UDP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) UDP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

nve

(Optional) VNI ID <0-16777215>

vni

(Optional) VNI ID <0-16777215>

vni-id

(Optional) VNI ID <0-16777215>

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_sctp> { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } [ { { <src_port_op> { <src_port0> | <src_port0_str> } } | { <src_port_range> { <src_port1> | <src_port1_str> } { <src_port2> | <src_port2_str> } } | src_portgroup <src_port_group> } ] { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } [ { { <dst_port_op> { <dst_port0> | <dst_port0_str> } } | { <dst_port_range> { <dst_port1> | <dst_port1_str> } { <dst_port2> | <dst_port2_str> } } | dst_portgroup <dst_port_group> } ] { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] } + } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_sctp

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

src_port_op

(Optional) Port operator

src_port_range

(Optional) Port range

src_port0

(Optional) Port number

src_port0_str

(Optional) SCTP port

src_port1

(Optional) Port number

src_port1_str

(Optional) SCTP port

src_port2

(Optional) Port number

src_port2_str

(Optional) SCTP port

src_portgroup

(Optional) src port group

src_port_group

(Optional) Port group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dst_port_op

(Optional) Port operator

dst_port_range

(Optional) Port range

dst_port0

(Optional) Port number

dst_port0_str

(Optional) SCTP port

dst_port1

(Optional) Port number

dst_port1_str

(Optional) SCTP port

dst_port2

(Optional) Port number

dst_port2_str

(Optional) SCTP port

dst_portgroup

(Optional) dst port group

dst_port_group

(Optional) Port group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } <permitdeny> <proto_icmpv6> { { { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { <icmpv6_type> [ <icmpv6_code> ] } | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { flow-label <flow_num> } | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] + | [ <icmpv6_str> | { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } | { flow-label <flow_num> } | [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] | packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] + } } | { { <src_any> | { <src_addr> <src_wild> } | <src_prefix> | { src_key_host <src_host> } | { src_key_addrgrp <src_addrgrp_name> } } { <dst_any> | { <dst_addr> <dst_wild> } | <dst_prefix> | { dst_key_host <dst_host> } | { dst_key_addrgrp <dst_addrgrp_name> } } { [ { dscp { <dscp_num> [ [ dscp-mask ] <dscp_mask> ] | <dscp_str> } } ] [ { flow-label <flow_num> } ] [ fragments ] [ log ] [ telemetry_queue ] [ telemetry_path ] [ time-range <time_range_name> ] [ packet-length { <plen_op> <plen0> | <plen_range> <plen1> <plen2> } ] [ { udf { <udf_name> <udf_val> <udf_mask> } + } ] } + } } [ vlan <vlanid> | ingress_intf { <intfid> | <intfname> } | vlan_priority <vlanpriorityid> ] + [ capture session <session-id> ] { [ <actionv6> <actionidv6> ] } }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

proto_icmpv6

Protocol

vlan

(Optional) Configure match based on vlan

ingress_intf

(Optional) Configure match based on ingress interface

vlan_priority

(Optional) Configure match based on priority

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

vlanid

(Optional) VLAN number

intfid

(Optional) Interface index

intfname

(Optional) Interface name

vlanpriorityid

(Optional) Vlan Priority

src_any

Any

src_key_host

A single source host

src_key_addrgrp

Source address group

src_addrgrp_name

Address group name

dst_any

Any

dst_key_host

A single destination host

dst_key_addrgrp

Destination address group

dst_addrgrp_name

Address group name

dscp

(Optional) Match packets with given dscp value and Mask

dscp-mask

(Optional) DSCP wildcard Mask

dscp_num

(Optional) Differentiated services codepoint value

dscp_mask

(Optional) Differentiated services codepoint mask - 0 to 0x3F

dscp_str

(Optional) Differentiated services codepoint label

flow-label

(Optional) Flow label

flow_num

(Optional) Flow label value

fragments

(Optional) Check non-initial fragments

log

(Optional) Log matches against this entry

telemetry_queue

(Optional) Flow of interest for BDC/HDC

telemetry_path

(Optional) IPT enabled

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

packet-length

(Optional) Match packets based on layer 3 packet length

plen_op

(Optional) Packet-length operator

plen_range

(Optional) Packet-length range

plen0

(Optional) Packet length

plen1

(Optional) Lower packet length

plen2

(Optional) Higher packet length

icmpv6_type

(Optional) ICMPv6 message type

icmpv6_code

(Optional) ICMPv6 message code

icmpv6_str

(Optional) ICMPv6 label

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

actionv6

(Optional) ActionV6

actionidv6

(Optional) redirect: Ethernet1/1,port-channel1 set-erspan-dscp: <1-63> set-erspan-gre-proto: <1-65535>

Command Mode

  • /exec/configure/ipv6acl

no

{ [ <seqno> ] | no } { <addr> <wild> | <prefix> | host <hostaddr> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

addr

A.B.C.D Network address of object-group member

wild

A.B.C.D wildcard

prefix

A.B.C.D/nn Network prefix of the object-group member

host

Host address of the object-group member

hostaddr

A.B.C.D Host address

Command Mode

  • /exec/configure/ipgroup

no

{ [ <seqno> ] | no } { <addr> <wild> | <prefix> | host <hostaddr> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

host

Host address of the object-group member

Command Mode

  • /exec/configure/ipv6group

no

{ [ <seqno> ] | no } { <_port_op> <port0_num> | <_port_range> <port1_num> <port2_num> }

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

_port_op

Port operator

_port_range

Port range

port0_num

Port number

port1_num

Port number

port2_num

Port number

Command Mode

  • /exec/configure/portgroup

no

{ [ <seqno> ] | no } <permitdeny> { <src_any> | { <src_addr> <src_wild> } } { <dst_any> | { <dst_addr> <dst_wild> } } [ <mac_proto> | <mac_proto_str> ] [ vlan <vlan> | cos <cos> ] + [ time-range <time_range_name> ] [ capture session <session-id> ] { [ <macaction> <macactionid> ] } + [ { udf { <udf_name> <udf_val> <udf_mask> } + } ]

Syntax Description

seqno

(Optional) Sequence number

no

Negate a command or set its defaults

permitdeny

Permit/deny

src_any

Any

src_addr

Source MAC address

src_wild

Source wildcard bits

dst_any

Any

dst_addr

Destination MAC address

dst_wild

Destination wildcard bits

mac_proto

(Optional) MAC protocol number

mac_proto_str

(Optional) MAC protocol name

vlan

(Optional) VLAN number

cos

(Optional) CoS value

vlan

(Optional) VLAN number

cos

(Optional) CoS value

time-range

(Optional) Specify a time range

time_range_name

(Optional) Time range name

capture

(Optional) Enable packet capture on this filter for session

session

(Optional) Session ID <1-48> for this session

session-id

(Optional) Session ID <1-48> for this session

macaction

(Optional) MAC ACL Action

macactionid

(Optional) redirect: Ethernet1/1,port-channel1

udf

(Optional) User defined field match

udf_name

(Optional) UDF name

udf_val

(Optional) UDF value to match

udf_mask

(Optional) Mask to apply to UDF value

Command Mode

  • /exec/configure/macacl

no

[no] { userprofile | trustedCert | CRLLookup | user-switch-bind | user-certdn-match | user-pubkey-match }

Syntax Description

no

Negate a command or set its defaults

userprofile

Delete the userprofile

trustedCert

Delete the trustedCert

CRLLookup

Delete the CRLLookup

user-switch-bind

Delete the user-switch-bind

user-certdn-match

Delete the certificate matching

user-pubkey-match

Delete the pubkey matching

Command Mode

  • /exec/configure/ldap/search

no

no

Syntax Description

no

Negate a command or set its defaults

Command Mode

  • /exec/configure/vsan-db

node ip

[no] node { ip <ip-addr> | IPv6 <ip-addrv6> }

Syntax Description

no

(Optional) Negate a command or set its defaults

node

ITD node

ip

ITD node IPv4 address

ip-addr

ITD node IP4 prefix in format i.i.i.i

IPv6

ITD node IPv6 address

Command Mode

  • /exec/configure/itd-session-device-group

node ip

[no] node { ip <ip-addr> | IPv6 <ip-addrv6> }

Syntax Description

no

(Optional) Negate a command or set its defaults

node

ITD node

ip

ITD node IPv4 address

ip-addr

ITD node IP4 prefix in format i.i.i.i

IPv6

ITD node IPv6 address

Command Mode

  • /exec/configure/itd-device-group

npv auto-load-balance disruptive

[no] npv auto-load-balance disruptive

Syntax Description

no

(Optional) Negate a command or set its defaults

npv

Config commands for FC N_port Virtualizer

auto-load-balance

configure auto load balancing among preferred external links

disruptive

enable disruptive auto load balancing among external links

Command Mode

  • /exec/configure

npv traffic-map server-interface external-interface

[no] npv traffic-map server-interface <if1> external-interface <interface>

Syntax Description

no

(Optional) Negate a command or set its defaults

npv

Config commands for FC N_port Virtualizer

traffic-map

Configure NPV traffic engineering

server-interface

Configure server interface based traffic engineering

if1

external-interface

Configure preferred external interface(s)

interface

Command Mode

  • /exec/configure

nsf await-redist-proto-convergence

{ [ no ] nsf await-redist-proto-convergence }

Syntax Description

no

(Optional) Negate a command or set its defaults

nsf

Non-stop forwarding

await-redist-proto-convergence

Specify whether EIGRP should wait for other protocols to converge before advertising routes

Command Mode

  • /exec/configure/router-eigrp/router-eigrp-vrf-common /exec/configure/router-eigrp/router-eigrp-af-common

ntp access-group

[no] ntp access-group { peer | serve-only | serve | query-only } <acl-name>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

access-group

NTP access-group

peer

access-group peer

serve

access-group serve

serve-only

access-group serve-only

query-only

access-group query-only

acl-name

Name of access list

Command Mode

  • /exec/configure

ntp access-group match-all

[no] ntp access-group match-all

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

access-group

NTP access-group

match-all

Scan ACLs present in all ntp access groups

Command Mode

  • /exec/configure

ntp allow private

[no] ntp allow { private | control [ rate-limit <delay> ] }

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

allow

Enable/Disable the packets

private

Enable/Disable Private mode packets

control

Enable/Disable Control mode packets

rate-limit

(Optional) Rate-limit the control packets

delay

(Optional) Rate-limit delay (Default 3)

Command Mode

  • /exec/configure

ntp authenticate

[no] ntp authenticate

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

authenticate

Enable/Disable authentication

Command Mode

  • /exec/configure

ntp authentication-key md5

[no] ntp authentication-key <number> md5 <md5> [ 0 | 7 ]

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

authentication-key

NTP authentication key

number

authentication key number (range 1-65535)

md5

use md5 authentication scheme

md5

MD5 string

0

(Optional) clear text

7

(Optional) encrypted

Command Mode

  • /exec/configure

ntp logging

[no] ntp logging

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

logging

Enable/Disable logging of NTPD Events

Command Mode

  • /exec/configure

ntp master

[no] ntp master [ <stratum-no> ]

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

master

Act as NTP master clock

stratum-no

(Optional) Stratum number

Command Mode

  • /exec/configure

ntp passive

[no] ntp passive

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

passive

NTP passive command

Command Mode

  • /exec/configure

ntp peer

[no] ntp peer <host0> [ prefer | key <keyid> | use-vrf { <vrf-name> | <vrf-known-name> } | minpoll <minpoll> | maxpoll <maxpoll> ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

peer

NTP Peer address

host0

Hostname/IP address of the NTP Peer

prefer

(Optional) Preferred Server

key

(Optional) Keyid to be used while communicating to this server

keyid

(Optional) Value of keyid 1-65535

use-vrf

(Optional) Display per-VRF information

vrf-name

(Optional) VRF name

vrf-known-name

(Optional) Known VRF name

minpoll

(Optional) Minimum interval to poll a peer

minpoll

(Optional) Poll interval in secs to a power of 2 [default 4]

maxpoll

(Optional) Maximum interval to poll a peer

maxpoll

(Optional) Poll interval in secs to a power of 2 [default 6]

Command Mode

  • /exec/configure

ntp server

[no] ntp server <host0> [ prefer | key <keyid> | use-vrf { <vrf-name> | <vrf-known-name> } | minpoll <minpoll> | maxpoll <maxpoll> ] +

Syntax Description

no

(Optional) Negate a command or set its defaults

ntp

NTP Configuration

server

NTP server address

host0

Hostname/IP address of the NTP Server

prefer

(Optional) Preferred Server

key

(Optional) Keyid to be used while communicating to this server

keyid

(Optional) Value of keyid 1-65535

use-vrf

(Optional) Display per-VRF information

vrf-name

(Optional) VRF name

vrf-known-name

(Optional) Known VRF name

minpoll

(Optional) Minimum interval to poll a server

minpoll

(Optional) Poll interval in secs to a power of 2 [default 4]

maxpoll

(Optional) Maximum interval to poll a server

maxpoll

(Optional) Poll interval in secs to a power of 2 [default 6]

Command Mode

  • /exec/configure

ntp source-interface

[no] ntp source-interface <interface>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

source-interface

Source interface sending NTP packets

interface

Source interface

Command Mode

  • /exec/configure

ntp source

[no] ntp source <ip-addr>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP Configuration

source

Source of NTP packets

ip-addr

IPv4/IPv6 address

Command Mode

  • /exec/configure

ntp sync-retry

ntp sync-retry

Syntax Description

ntp

NTP configuration

sync-retry

Retry synchronization with configured servers

Command Mode

  • /exec

ntp trusted-key

[no] ntp trusted-key <number>

Syntax Description

no

(Optional) Negate a command or set its default

ntp

NTP configuration

trusted-key

NTP trusted-key

number

trusted-key number

Command Mode

  • /exec/configure

nv overlay evpn

[no] nv overlay evpn

Syntax Description

no

(Optional) Negate a command or set its defaults

nv

Command to enable/disable features

overlay

Command to enable/disable features

evpn

Enable/Disable Ethernet VPN (EVPN)

Command Mode

  • /exec/configure

nve interface remap-replication-servers

nve interface <nve-if> remap-replication-servers

Syntax Description

nve

Configure NVE information

interface

Interface

nve-if

NVE interface

remap-replication-servers

Remap Replication servers to VNIs

Command Mode

  • /exec

nve interface replication-server up

nve interface <nve-if> replication-server <rep-addr> { up | down }

Syntax Description

nve

Configure NVE information

interface

Interface

nve-if

NVE interface

replication-server

Configure a replication server

rep-addr

Replication Server IP Address

up

mark replication-server up

down

mark replication-server down

Command Mode

  • /exec

nve oam mode draft-pang

[no] nve oam mode draft-pang

Syntax Description

no

(Optional) Negate a command or set its defaults

nve

VxLAN functionality

oam

VxLAN OAM functionality

mode

Choose operation mode for OAM

draft-pang

OAM implementation as per Draft Pang

Command Mode

  • /exec/configure

nwwn

[no] nwwn <wwn0>

Syntax Description

no

(Optional) Negate a command or set its defaults

nwwn

Node WWN of the platform

wwn0

Node WWN

Command Mode

  • /exec/configure/fcs-register/attrib

nwwn vsan

[no] nwwn <wwn0> vsan <i1>

Syntax Description

no

(Optional) Negate a command or set its defaults

nwwn

Device NWWN

wwn0

NWWN of the Device

vsan

VSAN id for device

i1

vsan id

Command Mode

  • /exec/configure/dpvm-db

nxapi certificate

{ nxapi certificate { { httpskey { keyfile <uri0> [ password <passphrase> ] } } | { httpscrt { certfile <uri1> } } | { enable } } }

Syntax Description

nxapi

Configure nxapi

certificate

Https certificate configuration

httpskey

Https private key

httpscrt

Https certificate

keyfile

Https key file

certfile

Https certificate file

password

(Optional) Https encrypted key passphrase

enable

Enable the current certificate

uri0

File containing https private key for the user

passphrase

(Optional) Https encrypted private key passphrase

uri1

File containing https certificate

Command Mode

  • /exec/configure

nxapi client certificate authentication

{ nxapi client certificate authentication [ <verification-setting> ] } | { no nxapi client certificate authentication }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

client

Configure NX-API client management properties

certificate

Configure NX-API client certificate authentication functionality

authentication

Enable/Disable client certificate authentication

verification-setting

(Optional) Configure nxapi client-certificate authentication verification restriction setting

Command Mode

  • /exec/configure

nxapi http port

{ nxapi { http | https } port <s0> } | { no nxapi { http | https } } | { no nxapi { http | https } port <s0> }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

http

Http configuration

https

Https configuration

port

Port number

s0

Port number. Please do not use well-known protocol ports

Command Mode

  • /exec/configure

nxapi idle-timeout

[no] nxapi idle-timeout <i0>

Syntax Description

no

(Optional) Negate a command or set its defaults

nxapi

Configure nxapi

idle-timeout

duration until idle session expires

i0

Length of time, in minutes

Command Mode

  • /exec/configure

nxapi ssl ciphers weak

{ [ no ] nxapi ssl ciphers weak }

Syntax Description

no

(Optional) Negate a command or set its defaults

nxapi

Configure nxapi

ssl

Configure ssl parameters

ciphers

Configure allowed ciphers for ssl

weak

Allow weak ciphers

Command Mode

  • /exec/configure

nxapi ssl protocols

{ nxapi ssl protocols <prot_string> } | { no nxapi ssl protocols }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

ssl

Configure ssl parameters

protocols

Configure allowed ssl protocols

prot_string

String of supported protocols, Ex: TLSv1 TLSv1.1 TLSv1.2

Command Mode

  • /exec/configure

nxapi use-vrf management default

{ nxapi use-vrf { management | default | <vrf_name> } } | { no nxapi use-vrf { management | default | <vrf_name> } }

Syntax Description

no

Negate a command or set its defaults

nxapi

Configure nxapi

use-vrf

vrf to be used for nxapi communication

management

management vrf

default

default vrf

vrf_name

name of the vrf

Command Mode

  • /exec/configure

nxsdk profile

[no] nxsdk profile <nxsdk-profile-name>

Syntax Description

no

(Optional) Negate a command or set its defaults

nxsdk

NXOS SDK

profile

service profile

nxsdk-profile-name

NxSDK service profile name

Command Mode

  • /exec/configure

nxsdk remote port

[no] nxsdk remote port <port> [ namespace { <vrf-name> | <vrf-known-name> } ] [ certificate <cert-id> ]

Syntax Description

no

(Optional) Negate a command or set its defaults

nxsdk

NXOS SDK

remote

To run NX-SDK service as a remote service

port

Port to accept remote NX-SDK connections

port

Port

namespace

(Optional) Namespace to run the remote server on. Default is Vrf: Default

vrf-name

(Optional) VRF name

vrf-known-name

(Optional) Known VRF name

certificate

(Optional) Specify certificate id to be used for the remote session

cert-id

(Optional) Certificate identification

Command Mode

  • /exec/configure

nxsdk service-name

[no] nxsdk service-name <nxsdk-service-name> [ profile <nxsdk-profile-name> ]

Syntax Description

nxsdk

NXOS SDK

service-name

Complete path and name of file to execute

nxsdk-service-name

Service name

profile

(Optional) Service profile

nxsdk-profile-name

(Optional) Name of the profile

Command Mode

  • /exec/configure