Application-Aware Access List Configuration Guidelines

To configure application-aware access list (AACL) services, include the aacl statements at the [edit services] hierarchy level:

[edit services]aacl {rule rule-name {match-direction (input | output | input-output);term term-name {from {application-group-any;application-groups [ application-group-names ];applications [ application-names ];destination-address address <any-unicast>;destination-address-range low minimum-value high maximum-value;destination-prefix-list list-name;source-address address <any-unicast>;source-address-range low minimum-value high maximum-value;source-prefix-list list-name;}then {(accept | discard);count (application | application-group | application-group-any | none);forwarding-class class-name;policer policer-name;}}}rule-set rule-set-name {[ rule rule-names ];}}

This chapter contains the following sections: