access-list

Get a list of all configured attributes for standard or extended access lists.

access-list Specification

Type Intermediate Resource
Element Name access-list
Element URI /axapi/v3/access-list
Element Attributes access-list_attributes
Schema access-list schema

Operations Allowed:

Operation Method URI Payload

Get Object

GET

/axapi/v3/access-list

access-list_attributes

access-list Attributes

extended-list

Description: extended-list is a JSON List . Please see below for extended-list

Type: List

Reference Object: /axapi/v3/access-list/extended/{extd}

standard-list

Description: standard-list is a JSON List . Please see below for standard-list

Type: List

Reference Object: /axapi/v3/access-list/standard/{std}

extended-list

Specification
Type list
Block object keys

extd

Description: IP extended access list

Type: number

Range: 100-199

rules

Description: rules is a JSON List . Please see below for l1096_rules

Type: List

uuid

Description: uuid of the object

Type: string

extended-list.rules

Specification
Type list
Block object keys

acl-log

Description: Log matches against this entry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

any-code

Description: Any ICMP code

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-code icmp-code and special-code are mutually exclusive

any-type

Description: Any ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any-type icmp-type and special-type are mutually exclusive

dscp

Description: DSCP

Type: number

Range: 1-63

dst-any

Description: Any destination host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: dst-any dst-host, dst-subnet and dst-object-group are mutually exclusive

dst-eq

Description: Match only packets on a given destination port (port number)

Type: number

Range: 1-65535

Mutual Exclusion: dst-eq dst-gt, dst-lt and dst-range are mutually exclusive

dst-gt

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

Mutual Exclusion: dst-gt dst-eq, dst-lt and dst-range are mutually exclusive

dst-host

Description: A single destination host (Host address)

Type: string

Format: ipv4-address

Mutual Exclusion: dst-host dst-any, dst-subnet and dst-object-group are mutually exclusive

dst-lt

Description: Match only packets with a lesser port number

Type: number

Range: 2-65535

Mutual Exclusion: dst-lt dst-eq, dst-gt and dst-range are mutually exclusive

dst-mask

Description: Destination Mask 0=apply 255=ignore

Type: string

Format: ipv4-rev-netmask

dst-object-group

Description: Destination network object group name (Source network object group name)

Type: string

Mutual Exclusion: dst-object-group dst-any, dst-host and dst-subnet are mutually exclusive

dst-port-end

Description: Edning Destination Port Number

Type: number

Range: 1-65535

dst-range

Description: Match only packets in the range of port numbers (Starting Destination Port Number)

Type: number

Range: 1-65535

Mutual Exclusion: dst-range dst-eq, dst-gt and dst-lt are mutually exclusive

dst-subnet

Description: Destination Address

Type: string

Format: ipv4-address

Mutual Exclusion: dst-subnet dst-any, dst-host and dst-object-group are mutually exclusive

established

Description: TCP established

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

extd-action

Description: ‘deny’: Deny; ‘permit’: Permit; ‘l3-vlan-fwd-disable’: Disable L3 forwarding between VLANs;

Type: string

Supported Values: deny, permit, l3-vlan-fwd-disable

extd-remark

Description: Access list entry comment (Notes for this ACL)

Type: string

Format: string-rlx

extd-seq-num

Description: Sequence number

Type: number

Range: 1-8192

fragments

Description: IP fragments

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

icmp

Description: Internet Control Message Protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: icmp tcp, udp, ip and service-obj-group are mutually exclusive

icmp-code

Description: ICMP code number

Type: number

Range: 0-254

Mutual Exclusion: icmp-code any-code and special-code are mutually exclusive

icmp-type

Description: ICMP type number

Type: number

Range: 0-254

Mutual Exclusion: icmp-type any-type and special-type are mutually exclusive

ip

Description: Any Internet Protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ip icmp, tcp, udp and service-obj-group are mutually exclusive

service-obj-group

Description: Service object group (Source object group name)

Type: string

Mutual Exclusion: service-obj-group icmp, tcp, udp and ip are mutually exclusive

special-code

Description: ‘frag-required’: Code 4, fragmentation required; ‘host-unreachable’: Code 1, destination host unreachable; ‘network-unreachable’: Code 0, destination network unreachable; ‘port-unreachable’: Code 3, destination port unreachable; ‘proto-unreachable’: Code 2, destination protocol unreachable; ‘route-failed’: Code 5, source route failed;

Type: string

Supported Values: frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed

Mutual Exclusion: special-code any-code and icmp-code are mutually exclusive

special-type

Description: ‘echo-reply’: Type 0, echo reply; ‘echo-request’: Type 8, echo request; ‘info-reply’: Type 16, information reply; ‘info-request’: Type 15, information request; ‘mask-reply’: Type 18, address mask reply; ‘mask-request’: Type 17, address mask request; ‘parameter-problem’: Type 12, parameter problem; ‘redirect’: Type 5, redirect message; ‘source-quench’: Type 4, source quench; ‘time-exceeded’: Type 11, time exceeded; ‘timestamp’: Type 13, timestamp; ‘timestamp-reply’: Type 14, timestamp reply; ‘dest-unreachable’: Type 3, destination unreachable;

Type: string

Supported Values: echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable

Mutual Exclusion: special-type icmp-type and any-type are mutually exclusive

src-any

Description: Any source host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: src-any src-host, src-subnet and src-object-group are mutually exclusive

src-eq

Description: Match only packets on a given source port (port number)

Type: number

Range: 1-65535

Mutual Exclusion: src-eq src-gt, src-lt and src-range are mutually exclusive

src-gt

Description: Match only packets with a greater port number

Type: number

Range: 1-65534

Mutual Exclusion: src-gt src-eq, src-lt and src-range are mutually exclusive

src-host

Description: A single source host (Host address)

Type: string

Format: ipv4-address

Mutual Exclusion: src-host src-any, src-subnet and src-object-group are mutually exclusive

src-lt

Description: Match only packets with a lower port number

Type: number

Range: 2-65535

Mutual Exclusion: src-lt src-eq, src-gt and src-range are mutually exclusive

src-mask

Description: Source Mask 0=apply 255=ignore

Type: string

Format: ipv4-rev-netmask

src-object-group

Description: Network object group (Source network object group name)

Type: string

Mutual Exclusion: src-object-group src-any, src-host and src-subnet are mutually exclusive

src-port-end

Description: Ending Port Number

Type: number

Range: 1-65535

src-range

Description: match only packets in the range of port numbers (Starting Port Number)

Type: number

Range: 1-65535

Mutual Exclusion: src-range src-eq, src-gt and src-lt are mutually exclusive

src-subnet

Description: Source Address

Type: string

Format: ipv4-address

Mutual Exclusion: src-subnet src-any, src-host and src-object-group are mutually exclusive

tcp

Description: protocol TCP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: tcp icmp, udp, ip and service-obj-group are mutually exclusive

transparent-session-only

Description: Only log transparent sessions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

udp

Description: protocol UDP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: udp icmp, tcp, ip and service-obj-group are mutually exclusive

vlan

Description: VLAN ID

Type: number

Range: 1-4094

standard-list

Specification
Type list
Block object keys

std

Description: IP standard access list

Type: number

Range: 1-99

stdrules

Description: stdrules is a JSON List . Please see below for l1096_stdrules

Type: List

uuid

Description: uuid of the object

Type: string

standard-list.stdrules

Specification
Type list
Block object keys

action

Description: ‘deny’: Deny; ‘permit’: Permit; ‘l3-vlan-fwd-disable’: Disable L3 forwarding between VLANs;

Type: string

Supported Values: deny, permit, l3-vlan-fwd-disable

any

Description: Any source host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any host and subnet are mutually exclusive

host

Description: A single source host (Host address)

Type: string

Format: ipv4-address

Mutual Exclusion: host any and subnet are mutually exclusive

log

Description: Log matches against this entry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rev-subnet-mask

Description: Network Mask 0=apply 255=ignore

Type: string

Format: ipv4-rev-netmask

seq-num

Description: Sequence number

Type: number

Range: 1-8192

std-remark

Description: Access list entry comment (Notes for this ACL)

Type: string

Format: string-rlx

subnet

Description: Address to match

Type: string

Format: ipv4-address

Mutual Exclusion: subnet any and host are mutually exclusive

transparent-session-only

Description: Only log transparent sessions

Type: boolean

Supported Values: true, false, 1, 0

Default: 0