Share via


az networkfabric acl

Note

This reference is part of the managednetworkfabric extension for the Azure CLI (version 2.49.0 or higher). The extension will automatically install the first time you run an az networkfabric acl command. Learn more about extensions.

Manage Access Control List Resource.

Commands

Name Description Type Status
az networkfabric acl create

Create a Access Control List resource.

Extension GA
az networkfabric acl delete

Delete the Access Control List resource.

Extension GA
az networkfabric acl list

List all Access Control Lists in the provided resource group or subscription.

Extension GA
az networkfabric acl show

Show details of the provided Access Control List resource.

Extension GA
az networkfabric acl update

Update the Access Control List resource.

Extension GA
az networkfabric acl wait

Place the CLI in a waiting state until a condition is met.

Extension GA

az networkfabric acl create

Create a Access Control List resource.

az networkfabric acl create --configuration-type {File, Inline}
                            --resource-group
                            --resource-name
                            [--acls-url]
                            [--annotation]
                            [--default-action {Deny, Permit}]
                            [--dynamic-match-configurations]
                            [--location]
                            [--match-configurations]
                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                            [--tags]

Examples

Creates an Access Control List with Configuration type as "File".

az networkfabric acl create --resource-group "example-rg" --location "westus3" --resource-name "example-accesscontrollist" --configuration-type "File" --acls-url "https://ACL-Storage-URL"

Creates an Access Control List with Configuration type as "Inline".

az networkfabric acl create --resource-group "example-rg" --location "westus3" --resource-name "example-accesscontrollist" --configuration-type "Inline" --default-action "Permit" --dynamic-match-configurations "[{ipGroups:[{name:'example-ipGroup',ipAddressType:IPv4,ipPrefixes:['10.20.3.1/20']}],vlanGroups:[{name:'example-vlanGroup',vlans:['20-30']}],portGroups:[{name:'example-portGroup',ports:['100-200']}]}]" --match-configurations "[{matchConfigurationName:'example-match',sequenceNumber:123,ipAddressType:IPv4,matchConditions:[{etherTypes:['0x1'],fragments:['0xff00-0xffff'],ipLengths:['4094-9214'],ttlValues:[23],dscpMarkings:[32],portCondition:{flags:[established],portType:SourcePort,layer4Protocol:TCP,ports:['1-20'],portGroupNames:['example-portGroup']},protocolTypes:[TCP],vlanMatchCondition:{vlans:['20-30'],innerVlans:[30],vlanGroupNames:['example-vlanGroup']},ipCondition:{type:SourceIP,prefixType:Prefix,ipPrefixValues:['10.20.20.20/12'],ipGroupNames:['example-ipGroup']}}],actions:[{type:Count,counterName:'example-counter'}]}]"

Help text for sub parameters under the specific parent can be viewed by using the shorthand syntax '??'. See https://github.com/Azure/azure-cli/tree/dev/doc/shorthand_syntax.md for more about shorthand syntax.

az networkfabric acl create --dynamic-match-configurations "??"

Required Parameters

--configuration-type

Input method to configure Access Control List. Example: File.

Accepted values: File, Inline
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-name

Name of the Access Control List.

Optional Parameters

--acls-url

Access Control List file URL.

--annotation

Description for underlying resource.

--default-action

Default action that needs to be applied when no condition is matched. Example: Permit.

Accepted values: Deny, Permit
--dynamic-match-configurations

List of dynamic match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--location -l

Location of Azure region When not specified, the location of the resource group will be used.

--match-configurations

List of match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az networkfabric acl delete

Delete the Access Control List resource.

az networkfabric acl delete [--ids]
                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                            [--resource-group]
                            [--resource-name]
                            [--subscription]

Examples

Delete the Access Control List

az networkfabric acl delete --resource-group "example-rg" --resource-name "example-acl"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-name

Name of the Access Control List.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az networkfabric acl list

List all Access Control Lists in the provided resource group or subscription.

az networkfabric acl list [--resource-group]

Examples

List the Access Control Lists for Resource group.

az networkfabric acl list --resource-group "example-rg"

List the Access Control Lists for Subscription.

az networkfabric acl list --subscription "<subscriptionId>"

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az networkfabric acl show

Show details of the provided Access Control List resource.

az networkfabric acl show [--ids]
                          [--resource-group]
                          [--resource-name]
                          [--subscription]

Examples

Show the Access Control List

az networkfabric acl show --resource-group "example-rg" --resource-name "example-acl"

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-name

Name of the Access Control List.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az networkfabric acl update

Update the Access Control List resource.

az networkfabric acl update [--acls-url]
                            [--annotation]
                            [--configuration-type {File, Inline}]
                            [--default-action {Deny, Permit}]
                            [--dynamic-match-configurations]
                            [--ids]
                            [--match-configurations]
                            [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                            [--resource-group]
                            [--resource-name]
                            [--subscription]
                            [--tags]

Examples

Update ACL with Inline configuration type

az networkfabric acl update -g "example-rg" --resource-name "example-acl" --configuration-type "Inline" --default-action "Permit"  --dynamic-match-configurations "[{ipGroups:[{name:'example-ipGroup',ipAddressType:IPv4,ipPrefixes:['10.20.3.1/20']}],vlanGroups:[{name:'example-vlanGroup',vlans:['20-30']}],portGroups:[{name:'example-portGroup',ports:['100-200']}]}]" --match-configurations "[{matchConfigurationName:'example-match',sequenceNumber:123,ipAddressType:IPv4,matchConditions:[{etherTypes:['0x1'],fragments:['0xff00-0xffff'],ipLengths:['4094-9214'],ttlValues:[23],dscpMarkings:[32],portCondition:{flags:[established],portType:SourcePort,layer4Protocol:TCP,ports:['1-20'],portGroupNames:['example-portGroup']},protocolTypes:[TCP],vlanMatchCondition:{vlans:['20-30'],innerVlans:[30],vlanGroupNames:['example-vlanGroup']},ipCondition:{type:SourceIP,prefixType:Prefix,ipPrefixValues:['10.20.20.20/12'],ipGroupNames:['example-ipGroup']}}],actions:[{type:Count,counterName:'example-counter'}]}]"

Optional Parameters

--acls-url

Access Control List file URL.

--annotation

Description for underlying resource.

--configuration-type

Input method to configure Access Control List. Example: File.

Accepted values: File, Inline
--default-action

Default action that needs to be applied when no condition is matched. Example: Permit.

Accepted values: Deny, Permit
--dynamic-match-configurations

List of dynamic match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--match-configurations

List of match configurations. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-name

Name of the Access Control List.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Resource tags Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az networkfabric acl wait

Place the CLI in a waiting state until a condition is met.

az networkfabric acl wait [--created]
                          [--custom]
                          [--deleted]
                          [--exists]
                          [--ids]
                          [--interval]
                          [--resource-group]
                          [--resource-name]
                          [--subscription]
                          [--timeout]
                          [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--resource-name

Name of the Access Control List.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.