10-117
IPv4 Access Control Lists (ACLs)
Enable ACL “Deny” Logging
Monitoring Static ACL Performance
ACL statistics counters provide a means for monitoring ACL performance by 
using counters to display the current number of matches the switch has 
detected for each ACE in an ACL assigned to a switch interface. This can help, 
for example, to determine whether a particular traffic type is being filtered by 
the intended ACE in an assigned list, or if traffic from a particular device or 
network is being filtered as intended.
Note This section describes the command for monitoring static ACL performance. 
To monitor RADIUS-assigned ACL performance, use either of the following 
commands:
show access-list radius < all | port-list >
show port-access < authenticator | mac-based | web-based > clients 
< port-list > detailed
Refer to “Displaying the Current RADIUS-Assigned ACL Activity on the 
Switch” on page 7-37.