Operation Manual
Security ACL Commands
Security ACL Commands
15 – 403
---------------------------- ---- --------------
acl_111 IP Not committed
acl-a IP Not committed
To view details about these uncommitted ACLs, type the following command.
MX# show security acl info all editbuffer
ACL edit-buffer information for all
set security acl ip acl-111 (ACEs 3, add 3, del 0, modified 2)
----------------------------------------------------
1. permit IP source IP 192.168.254.12 0.0.0.0 destination IP any
2. permit IP source IP 192.168.253.11 0.0.0.0 destination IP any
3. deny SRC source IP 192.168.253.1 0.0.0.255
set security acl ip acl-a (ACEs 1, add 1, del 0, modified 0)
----------------------------------------------------
1. permit SRC source IP 192.168.1.1 0.0.0.0
See Also
● clear security acl on page 15-391
● commit security acl on page 15-394
● set security acl on page 15-395
● show security acl on page 15-402
● show security acl info on page 15-404
show security acl hits
Displays the number of packets filtered by security ACLs (“hits”) on the MX. Each time a packet is
filtered by a security ACL, the hit counter increments.
Syntax
show security acl hits
Defaults
None.
Access
Enabled.
History
Introduced in MSS Version 1.0.
Usage
For MSS to count hits for a security ACL, you must specify hits in the set security acl
commands that define ACE rules for the ACL.
Examples
To display the security ACL hits on an MX, type the following command:
MX# show security acl hits
ACL hit-counters
Index Counter ACL-name
----- -------------------- --------
1 0 acl_2
2 0 acl_175
3 916 acl_123
See Also
● hit-sample-rate on page 15-395
● set security acl on page 15-395