Reference Guide
When you use the log option, the CP processor logs detail the packets that match.
Depending on how many packets match the log entry and at what rate, the CP
may become busy as it has to log these packets’ details.
By default, 10 ACL logs are generated if you do not specify the threshold explicitly.
The default frequency at which ACL logs are generated is five minutes. By default,
flow-based monitoring is not enabled.
Use the monitor option only when you are using flow-based monitoring. For
more information, refer to the Port Monitoring chapter of the
C9000 Series
Configuration Guide.
Related
Commands
deny — configures a filter to drop packets.
permit — configures a filter to forward packets.
show ip access-lists
Display inbound or outbound IP access-list information based on a given option.
C9000 Series
Syntax
show ip access-lists {interface interface [in | out]}
Parameters
interface Enter the keyword interface then one of the following
keywords and slot/port or pe-id / stack-unit / port-id
information:
• For a 1-Gigabit Ethernet interface, enter the keyword
GigabitEthernet then the slot/port information.
• For a 10-Gigabit Ethernet interface, enter the keyword
TenGigabitEthernet then the slot/port information.
• For a 40-Gigabit Ethernet interface, enter the keyword
fortyGigE then the slot/port information.
• For a VLAN interface, enter the keyword vlan then the
slot/port number.
• For a Port Channel interface, enter the keyword port-
channel then a port channel number.
• For a port extender Gigabit Ethernet interface, enter the
keyword peGigE then the pe-id / stack-unit / port-id
information. The pe-id range is from 0 to 255; the stack-
unit unit-number range is from 0 to 7; and the port-id
range is from 1 to 48.
in Enter the keyword in to display information for an ip ingress
or inbound access-list attached to an interface.
out Enter the keyword out to display information for an ip
egress or outbound access-list attached to an interface.
Access Control Lists (ACL)
267