ECS4100 Series CLI Reference Guide-R07

ManualsBrandsEdgecore Networks ManualsEnterpriseL2+/L3 Lite Gigabit Ethernet Access Switch

391

392

393

394

395

396

397

398

399

400

Table Of Contents

Chapter 10

| Access Control Lists

ACL Information

– 400 –

show access-list This command shows all ACLs and associated rules.

Syntax

show access-list

[[arp [acl-name]] |

[ip [extended [acl-name] | standard [acl-name]] |

[ipv6 [extended [acl-name] | standard [acl-name]] |

[mac [acl-name]] | [tcam-utilization] | [hardware counters]]

arp – Shows ingress or egress rules for ARP ACLs.

hardware counters – Shows statistics for all ACLs.

ip extended – Shows ingress or egress rules for Extended IPv4 ACLs.

ip standard – Shows ingress or egress rules for Standard IPv4 ACLs.

ipv6 extended – Shows ingress or egress rules for Extended IPv6 ACLs.

ipv6 standard – Shows ingress or egress rules for Standard IPv6 ACLs.

mac – Shows ingress or egress rules for MAC ACLs.

tcam-utilization – Shows the percentage of user configured ACL rules as a

percentage of total ACL rules

acl-name – Name of the ACL. (Maximum length: 32 characters)

Command Mode

Privileged Exec

Example

Console#show access-list

IP standard access-list david:

permit host 10.1.1.21

permit 168.92.0.0 255.255.15.0

IP extended access-list bob:

permit TCP 192.168.1.0 255.255.255.0 any destination-port 80

permit TCP 192.168.1.0 255.255.255.0 any control-flag 2 2

permit 10.7.1.1 255.255.255.0 any

MAC access-list jerry:

permit any host 00-30-29-94-34-de ethertype 800 800

permit any any VID 1 ethertype 0000 cos 1 1

IP extended access-list A6:

permit any any DSCP 5

permit any any next-header 43

permit any 2009:db90:2229::79/8

ARP access-list arp1:

permit response ip any 192.168.0.0 255.255.0.0 mac any any

permit ip any any mac any any

permit ip any any mac any host 12-12-12-12-12-12 log

Console#

9. Due to a hardware limitation, this option only displays statistics for permit rules.