Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Displaying ACL Data
Table 10-9. Descriptions of Data Types Included in Show Access-List < interface > Output
Field Description
Name The ACL identifier. Can be a number from 1 to 199, or a name.
Type Standard or Extended. The former uses only source IP addressing. The latter uses both source and destination
IP addressing and also allows TCP or UDP port specifiers.
Applied “Yes” means the ACL has been applied to an interface. “No” means the ACL exists in the switch configuration,
but has not been applied to any interfaces, and is therefore not in use.
ID The sequential number of the Access Control Entry (ACE) in the specified ACL.
action Permit (forward) or deny (drop) a packet when it is compared to the criteria in the applicable ACE and found
to match.
IP In Standard ACLs: The source IP address to which the configured mask is applied to determine whether there
is a match with a packet.
In Extended ACLs: The source and destination IP addresses to which the corresponding configured masks are
applied to determine whether there is a match with a packet.
Mask The mask configured in an ACE and applied to the corresponding IP address in the ACE to determine whether
a packet matches the filtering criteria.
proto Used only in extended ACLs to specify the packet protocol type to filter. Must be either IP, TCP, or UDP.
oper Used only in extended ACLs where a TCP or UDP port type and number have been entered. Specifies how to
compare the corresponding TCP or UDP port number in a packet to the port number in the ACE.
port(s) Used only in extended ACLs to show any TCP or UDP port number that has been entered in the ACE.
Log Shows the status of logging for the entry (ACE). A blank space indicates ACL logging is not enabled for that ACE.
Displaying the Current Per-Port ACL Resources
Assigning an ACL to one or more interfaces reduces the available per-port rule
and mask resources for those interfaces. (An unassigned ACL does not affect
the rule and mask count.) This command displays the current per-port rule
and mask resources available on the switch. For more information on rule and
mask usage, refer to
“Planning an ACL Application on a Series 3400cl or Series
6400cl Switch” on page 10-16.
Syntax: show access-list resources
Displays the currently available per-port rules and ACL masks
on the switch. Note that the available rules can be used by ACL
assignments, QoS configurations, Rate-Limiting
configurations, and enabling IGMP. For more information,
refer to
“ACL Resource Usage and Monitoring” on page 10-17.
10-63
To Next Page
Loading...
Need help?
General