IPv4 Access Control List Definition

Access lists configured through localized data policy are called explicit ACLs. Explicit ACLs can be applied to any interface in any VPN on the device.

Diagram

Classes

definitions (sdwan.localized_policies)

Name	Type	Constraint	Mandatory	Default Value
ipv4_access_control_lists	List	[ipv4_access_control_lists]	No

ipv4_access_control_lists (sdwan.localized_policies.definitions)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[A-Za-z0-9-_]{1,128}$	Yes
description	String		Yes
default_action	Choice	accept, drop	Yes
sequences	List	[sequences]	No

sequences (sdwan.localized_policies.definitions.ipv4_access_control_lists)

Name	Type	Constraint	Mandatory	Default Value
id	Integer	min: 1, max: 65534	Yes
name	String		No
base_action	Choice	accept, drop	Yes
match_criterias	Class	[match_criterias]	No
actions	Class	[actions]	No

match_criterias (sdwan.localized_policies.definitions.ipv4_access_control_lists.sequences)

Name	Type	Constraint	Mandatory	Default Value
class	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
destination_data_prefix_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
destination_ip_prefix	IP		No
destination_ports	List	Integer[min: 0, max: 65535]	No
destination_port_ranges	List	[destination_port_ranges]	No
dscp	Integer	min: 0, max: 63	No
packet_length	Integer	min: 0, max: 65535	No
priority	Choice	high, low	No
protocols	List	Integer[min: 0, max: 255]	No
source_data_prefix_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
source_ip_prefix	IP		No
source_ports	List	Integer[min: 0, max: 65535]	No
source_port_ranges	List	[source_port_ranges]	No
tcp	Choice	syn	No

actions (sdwan.localized_policies.definitions.ipv4_access_control_lists.sequences)

Name	Type	Constraint	Mandatory	Default Value
counter_name	String	min: 1, max: 20	No
class	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
dscp	Integer	min: 0, max: 63	No
log	Boolean	true, false	No
mirror_list	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No
next_hop	IP		No
policer	String	Regex: ^[A-Za-z0-9-_]{1,128}$	No

destination_port_ranges (sdwan.localized_policies.definitions.ipv4_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 0, max: 65535	Yes
to	Integer	min: 0, max: 65535	Yes

source_port_ranges (sdwan.localized_policies.definitions.ipv4_access_control_lists.sequences.match_criterias)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 0, max: 65535	Yes
to	Integer	min: 0, max: 65535	Yes

Examples

sdwan:
  localized_policies:
    definitions:
      ipv4_access_control_lists:
        - name: ACL-TLOCEXT-DSCP
          description: "Set traffic class based on DSCP or port"
          default_action: accept
          sequences:
            - id: 10
              name: QoS-ACL
              base_action: accept
              match_criterias:
                dscp: 46
                source_port_ranges:
                  - from: 1000
                    to: 1050
              actions:
                class: CLASS-REALTIME
                counter_name: 10-CLASS-REALTIME
            - id: 20
              name: AF13 traffic
              base_action: accept
              match_criterias:
                source_ports:
                  - 100
                  - 240
                dscp: 14
              actions:
                class: CLASS-BUSINESS
                counter_name: 20-CLASS-BUSINESS