"FD 100/320Gbps NT and FX NT IHub System
Basics, Management and OAM Guide"
Security
Issue: 10 3HH-11982-AAAA-TQZZA 53
4.4.2.5 action
Table 40 action command
Parameters entry-id — Specifies the CPU filter policy ID number.
Values: 1 — 1536
ISAM limits the number of entries to 256. Rules for counting entries:
• action value of drop counts as 2 entries
• action value of accept counts as 1 entry
• cpu-filter default-action counts as 1 entry
• 2 entries are reserved for excluding arpmiss and L2 MPLS traffic
• operator defined entries is 252
• CPU filter scaling differs per release
create — Keyword when first creating the configuration context. Once the context is created,
one can navigate into the context without the create keyword.
Item Description
(2 of 2)
Item Description
Syntax [no] action {accept | drop}
Context configure>system>security>cpu-filter>ip-filter>entry
Description This command configures accept, drop or forward for a CPU filter entry. The action keyword
must be entered for the entry to be active. Any filter entry without the action keyword will be
considered incomplete and will be inactive.
If neither accept nor drop is specified, this is considered a No-Op filter entry used to explicitly
set a filter entry inactive without modifying match criteria or removing the entry itself.
Multiple action statements entered will overwrite previous actions parameters when defined.
To remove a parameter, use the no form of the action command with the specified parameter.
The no form of the command removes the specified action statement. The filter entry is
considered incomplete and hence rendered inactive without the action keyword.
Default drop
Parameters accept — Specifies packets matching the entry criteria will be accepted.
drop — Specifies packets matching the entry criteria will be dropped.
To Next Page
Loading...
