.. _clicmd_src_plugins_acl:

===============================================================
Acl cli reference
===============================================================

clear acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    clear acl-plugin sessions


Declaration: ``aclplugin_clear_command`` `src/plugins/acl/acl.c line 3566 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3566>`_

Implementation: ``acl_clear_aclplugin_fn``


set acl-plugin
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>


Declaration: ``aclplugin_set_command`` `src/plugins/acl/acl.c line 3500 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3500>`_

Implementation: ``acl_set_aclplugin_fn``


set acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin acl <permit|deny> src <PREFIX> dst <PREFIX> proto X sport X-Y dport X-Y [tag FOO] {use comma separated list for multiple rules}



Create an Access Control List (ACL)
 an ACL is composed of more than one Access control element (ACE). Multiple
 ACEs can be specified with this command using a comma separated list.

Each ACE describes a tuple of src+dst IP prefix, ip protocol, src+dst port
ranges. (the ACL plugin also support ICMP types/codes instead of UDP/TCP
ports, but this CLI does not).

An ACL can optionally be assigned a 'tag' - which is an identifier
understood by the client. VPP does not examine it in any way.



.. code-block:: console

    set acl-plugin acl <permit|deny> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> [tag FOO]



Declaration: ``aclplugin_set_acl_command`` `src/plugins/acl/acl.c line 3602 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3602>`_

Implementation: ``acl_set_aclplugin_acl_fn``


set acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin interface <interface> <input|output> <acl INDEX> [del] 



[un]Apply an ACL to an interface.
 The ACL is applied in a given direction, either input or output.
 The ACL being applied must already exist.

``set acl-plugin interface <input|output> acl <index> [del]``


Declaration: ``aclplugin_set_interface_command`` `src/plugins/acl/acl.c line 3581 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3581>`_

Implementation: ``acl_set_aclplugin_interface_fn``


show acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin acl [index N]


Declaration: ``aclplugin_show_acl_command`` `src/plugins/acl/acl.c line 3506 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3506>`_

Implementation: ``acl_show_aclplugin_acl_fn``


show acl-plugin decode 5tuple
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX


Declaration: ``aclplugin_show_decode_5tuple_command`` `src/plugins/acl/acl.c line 3524 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3524>`_

Implementation: ``acl_show_aclplugin_decode_5tuple_fn``


show acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin interface [sw_if_index N] [acl]


Declaration: ``aclplugin_show_interface_command`` `src/plugins/acl/acl.c line 3530 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3530>`_

Implementation: ``acl_show_aclplugin_interface_fn``


show acl-plugin lookup context
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup context [index N]


Declaration: ``aclplugin_show_lookup_context_command`` `src/plugins/acl/acl.c line 3512 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3512>`_

Implementation: ``acl_show_aclplugin_lookup_context_fn``


show acl-plugin lookup user
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup user [index N]


Declaration: ``aclplugin_show_lookup_user_command`` `src/plugins/acl/acl.c line 3518 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3518>`_

Implementation: ``acl_show_aclplugin_lookup_user_fn``


show acl-plugin macip acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip acl [index N]


Declaration: ``aclplugin_show_macip_acl_command`` `src/plugins/acl/acl.c line 3554 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3554>`_

Implementation: ``acl_show_aclplugin_macip_acl_fn``


show acl-plugin macip interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip interface


Declaration: ``aclplugin_show_macip_interface_command`` `src/plugins/acl/acl.c line 3560 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3560>`_

Implementation: ``acl_show_aclplugin_macip_interface_fn``


show acl-plugin memory
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin memory


Declaration: ``aclplugin_show_memory_command`` `src/plugins/acl/acl.c line 3536 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3536>`_

Implementation: ``acl_show_aclplugin_memory_fn``


show acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin sessions


Declaration: ``aclplugin_show_sessions_command`` `src/plugins/acl/acl.c line 3542 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3542>`_

Implementation: ``acl_show_aclplugin_sessions_fn``


show acl-plugin tables
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]


Declaration: ``aclplugin_show_tables_command`` `src/plugins/acl/acl.c line 3548 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3548>`_

Implementation: ``acl_show_aclplugin_tables_fn``