.. _clicmd_src_plugins_acl:

===============================================================
ACL CLI reference
===============================================================

clear acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    clear acl-plugin sessions

Declaration: ``aclplugin_clear_command`` `src/plugins/acl/acl.c line 3749 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3749>`_

Implementation: ``acl_clear_aclplugin_fn``

delete acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    delete acl-plugin acl index <idx>

Delete an Access Control List (ACL).

Removes the ACL at the specified index, which must exist but must not be in use by any interface.

.. code-block:: console

    delete acl-plugin acl index <idx>

Declaration: ``aclplugin_delete_acl_command`` `src/plugins/acl/acl.c line 3838 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3838>`_

Implementation: ``acl_delete_aclplugin_acl_fn``

delete acl-plugin macip acl
-------------------------------------------------------------------------

.. code-block:: console

    delete acl-plugin macip acl index <idx>

Delete a MACIP Access Control List (ACL).

Removes the MACIP ACL at the specified index, which must exist but must not be in use by any interface.

.. code-block:: console

    delete acl-plugin macip acl index <idx>

Declaration: ``aclplugin_macip_delete_acl_command`` `src/plugins/acl/acl.c line 3852 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3852>`_

Implementation: ``acl_macip_delete_aclplugin_acl_fn``

set acl-plugin
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>

Declaration: ``aclplugin_set_command`` `src/plugins/acl/acl.c line 3683 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3683>`_

Implementation: ``acl_set_aclplugin_fn``

set acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin acl [index <idx>] <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> [proto X] [sport X[-Y]] [dport X[-Y]] [tcpflags <int> mask <int>] [tag FOO] {use comma separated list for multiple rules}

Create an Access Control List (ACL).

If index is not specified, a new ACL is created. Otherwise, the ACL at this index is replaced.

An ACL is composed of more than one Access Control Element (ACE). Multiple ACEs can be specified with this command using a comma-separated list.

Each ACE describes a tuple of src+dst IP prefix, IP protocol, and src+dst port ranges. The ACL plugin also supports ICMP types/codes instead of UDP/TCP ports, but this CLI does not.

An ACL can optionally be assigned a 'tag', which is an identifier understood by the client. VPP does not examine it in any way.

.. code-block:: console

    set acl-plugin acl <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> tcpflags <X> mask <X> [tag FOO]

Declaration: ``aclplugin_set_acl_command`` `src/plugins/acl/acl.c line 3789 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3789>`_

Implementation: ``acl_set_aclplugin_acl_fn``

set acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin interface <interface> <input|output> <acl INDEX> [del]

[un]Apply an ACL to an interface.

The ACL is applied in a given direction, either input or output. The ACL being applied must already exist.

``set acl-plugin interface <input|output> acl <index> [del]``

Declaration: ``aclplugin_set_interface_command`` `src/plugins/acl/acl.c line 3764 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3764>`_

Implementation: ``acl_set_aclplugin_interface_fn``

set acl-plugin macip acl
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin macip acl <permit|deny|action N> ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma separated list for multiple rules}

Create a MACIP Access Control List (ACL).

A MACIP ACL is used to add L2-L3 ACL rules. A MACIP ACL can be added, similarly to ACL rules, using the following command:

.. code-block:: console

    set acl-plugin macip acl <permit|deny|action N> ip <PREFIX> mac <MAC> mask <int> [tag FOO] {use comma separated list for multiple rules }

Declaration: ``aclplugin_macip_set_acl_command`` `src/plugins/acl/acl.c line 3808 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3808>`_

Implementation: ``acl_set_aclplugin_macip_acl_fn``

set acl-plugin macip interface
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin macip interface <interface> <acl INDEX> [del]

[un]Apply a MACIP ACL to an interface.

The ACL being applied must already exist.

``set acl-plugin macip interface <interface> <acl INDEX> [del]``

Declaration: ``aclplugin_macip_set_interface_command`` `src/plugins/acl/acl.c line 3825 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3825>`_

Implementation: ``acl_set_aclplugin_macip_interface_fn``

show acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin acl [index N]

Declaration: ``aclplugin_show_acl_command`` `src/plugins/acl/acl.c line 3689 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3689>`_

Implementation: ``acl_show_aclplugin_acl_fn``

show acl-plugin decode 5tuple
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX

Declaration: ``aclplugin_show_decode_5tuple_command`` `src/plugins/acl/acl.c line 3707 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3707>`_

Implementation: ``acl_show_aclplugin_decode_5tuple_fn``

show acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin interface [sw_if_index N] [acl]

Declaration: ``aclplugin_show_interface_command`` `src/plugins/acl/acl.c line 3713 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3713>`_

Implementation: ``acl_show_aclplugin_interface_fn``

show acl-plugin lookup context
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup context [index N]

Declaration: ``aclplugin_show_lookup_context_command`` `src/plugins/acl/acl.c line 3695 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3695>`_

Implementation: ``acl_show_aclplugin_lookup_context_fn``

show acl-plugin lookup user
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup user [index N]

Declaration: ``aclplugin_show_lookup_user_command`` `src/plugins/acl/acl.c line 3701 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3701>`_

Implementation: ``acl_show_aclplugin_lookup_user_fn``

show acl-plugin macip acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip acl [index N]

Declaration: ``aclplugin_show_macip_acl_command`` `src/plugins/acl/acl.c line 3737 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3737>`_

Implementation: ``acl_show_aclplugin_macip_acl_fn``

show acl-plugin macip interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip interface

Declaration: ``aclplugin_show_macip_interface_command`` `src/plugins/acl/acl.c line 3743 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3743>`_

Implementation: ``acl_show_aclplugin_macip_interface_fn``

show acl-plugin memory
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin memory

Declaration: ``aclplugin_show_memory_command`` `src/plugins/acl/acl.c line 3719 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3719>`_

Implementation: ``acl_show_aclplugin_memory_fn``

show acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin sessions

Declaration: ``aclplugin_show_sessions_command`` `src/plugins/acl/acl.c line 3725 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3725>`_

Implementation: ``acl_show_aclplugin_sessions_fn``

show acl-plugin tables
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]

Declaration: ``aclplugin_show_tables_command`` `src/plugins/acl/acl.c line 3731 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3731>`_

Implementation: ``acl_show_aclplugin_tables_fn``