ACE Configuration Examples

This section uses examples to demonstrate many of the ACL configuration options and to show how the REST APIs correspond to the CLI commands.

Adding ACE to an Existing IPv4 ACL (deny)

Adds ACE to an existing IPV4 ACL (configured to reject packets).

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list acl_tcp
 2 deny udp 12.234.56.97/13 13.235.46.97/9

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Adding ACE to an Existing IPv6 ACL

Adds ACE to an existing IPv6 ACL (configured to reject packets).

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ipv6 access-list L1
 32 deny tcp 1::2/127 3::4/96

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv6aclAF	sys/acl/ipv6
ipv6aclACL	sys/acl/ipv6/name-{name}
ipv6aclACE	sys/acl/ipv6/name-{name}/seq-{seqNum}

ipv6aclACL Properties

The following table contains information about the ipv6aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv6aclACE Properties

The following table contains information about the ipv6aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Destination IPv6 prefix	Value must match ipv6 format
dstPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Destination IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0
protocol	ipv6acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ipv6 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 58 - icmp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp 132 - sctp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv6acl:IPv6Prefix (address:IPv6)	Source IPv6 prefix	Value must match ipv6 format
srcPrefixLength	ipv6acl:IPv6PrefixLen (scalar:UByte)	Source IPv6 prefix length	RANGE: [0 , 128] DEFAULT: 0
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Adding ACE to an Existing IPv4 ACL (permit)

Adds ACE to an existing IPv4 ACL (configured to forward packets).

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 2 permit udp 5.5.5.5/4 6.6.6.6/4

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
vni	acl:VniType (scalar:Uint32)	nve vni ID	RANGE: [0 , 16777216] DEFAULT: invalid

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE with a Log that Matches Against an Entry

Configures ACE with a log that matches against an entry.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp 1.1.1.1/2 2.2.2.2/3 log

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
logging	scalar:Bool	Log matches against ACL entry	SELECTION: true or false DEFAULT: false
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Check Non-Initial Fragments

Configures ACE to check non-initial fragments

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp 1.1.1.1/2 2.2.2.2/3 fragments

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
fragment	scalar:Bool	Non-initial fragment	SELECTION: true or false
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Match Packets Based on the HTTP Method

Configures ACE to match packets based on the HTTP method.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 20 permit tcp any any http-method head

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
httpOption	acl:HttpOptionType (scalar:Enum8)	http option http-method	SELECTION: 0 - invalid 1 - get 2 - put 3 - head 4 - post 5 - delete 6 - trace 7 - connect DEFAULT: invalid
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Make VLAN-Based Matches

Configures ACE to make VLAN-based matches.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 40 permit ip any any vlan 5

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull
vlan	acl:VlanType (scalar:Uint32)	vlan	RANGE: [0 , 4095] DEFAULT: 4095

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE to Specify the TCP Options Size

Configures ACE to specify the TCP options size.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 20 permit tcp any any tcp-option-length 36

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
tcpOptionLength	acl:TcpOptionLengthType (scalar:Uint32)	TCP options length	RANGE: [0 , 41] DEFAULT: invalid
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring ACE with a User-Defined Field Match

Configurs ACE with a user-defined field match.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list ipv4_test_ace
 10 permit ip 1.1.1.1/2 2.2.2.2/2 udf name1 0x1 0x2 udf name2 0xff 0xee

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}
ipv4aclUDF	sys/acl/ipv4/name-{name}/seq-{seqNum}/udf

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

ipv4aclUDF Properties

The following table contains information about the ipv4aclUDF properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
udf1Mask	acl:UdfMask (scalar:Uint16)	Mask to apply to UDF1 value	RANGE: [0 , 65535]
udf1Name	acl:UdfName (string:Basic)	User-defined field match 1	MAX SIZE: 15
udf1Val	acl:UdfVal (scalar:Uint16)	UDF1 value to match	RANGE: [0 , 65535]
udf2Mask	acl:UdfMask (scalar:Uint16)	Mask to apply to UDF2 value	RANGE: [0 , 65535]
udf2Name	acl:UdfName (string:Basic)	User-defined field match 2	MAX SIZE: 15
udf2Val	acl:UdfVal (scalar:Uint16)	UDF2 value to match	RANGE: [0 , 65535]

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a Time Range

Configures a time range.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.

ip access-list L1
 10 permit ip 1.1.1.1/2 2.2.2.2/3 time-range t1

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
ipv4aclAF	sys/acl/ipv4
ipv4aclACL	sys/acl/ipv4/name-{name}
ipv4aclACE	sys/acl/ipv4/name-{name}/seq-{seqNum}

ipv4aclACL Properties

The following table contains information about the ipv4aclACL properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	acl:Name (string:Basic)	Name of Access lists	MAX SIZE: 63

ipv4aclACE Properties

The following table contains information about the ipv4aclACE properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
action	acl:ActionType (scalar:Enum8)	Specify packets to forward or reject	SELECTION: 0 - invalid 1 - permit 2 - deny DEFAULT: invalid
dstPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Destination IPv4 prefix	Value must match ipv4 format
dstPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Destination IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
protocol	ipv4acl:Protocol (scalar:UByte)	Protocol for access-list entry	SELECTION: 0 - ip 1 - icmp 2 - igmp 6 - tcp 17 - udp 47 - gre 50 - esp 51 - ahp 88 - eigrp 89 - ospf 94 - nos 103 - pim 108 - pcp DEFAULT: 255
seqNum	acl:SequenceNumber (scalar:Uint32)	Sequence number	RANGE: [0 , 4294967295]
srcPrefix	ipv4acl:IPv4Prefix (address:IPv4)	Source IPv4 prefix	Value must match ipv4 format
srcPrefixLength	ipv4acl:IPv4PrefixLen (scalar:UByte)	Source IPv4 prefix length	RANGE: [0 , 32] DEFAULT: 0
timeRange	acl:Name (string:Basic)	time range name	MAX SIZE: 63
userSetBit	scalar:Uint64	user set Bit	SELECTION: 1ull - defaultValue defaultValue: 1ull

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html