Displays access list information.
| access-list | Specifies configuring access-list features. | 
| list_dot_rule | Access-list name with optional rule name in format list_name {.rule_name}. | 
| profile-index | Specifies the profile index. | 
| profile_index | Defines the profile index (range 1–63). This options shows all access list information associated with the specified profile. | 
| matches | Shows rules with a specific match type, such as match types such as app-signature, ether, etc. | 
| app-signature | Shows application signature specific settings. | 
| ether | Shows type field in Ethernet II packet. | 
| icmp6type | Shows ICMPv6 type.code. | 
| icmptype | Specifies the ICMPv6 type.code. | 
| ipdestsocket | Specifies the destination IP address with optional post-fixed port. | 
| ipfrag | Specifies IP fragmentation flag. | 
| ipproto | Specifies protocol field in IP packet. | 
| ipsourcesocket | Specifies source IP address with optional post-fixed port. | 
| iptos | Specifies IPv4 type of service/IPv6 traffic class field. | 
| ipttl | Specifies IP time to live. | 
| tcpdestportIP | Specifies TCP port destination with optional post-fix IPv4 address. | 
| tcpsourceportIP | Specifies TCP port source with optional post-fix IPv4 address. | 
| udpdestportIP | Specifies UDP port destination with optional post-fix IPv4 address. | 
| udpsourceportIP | Specifies UDP port source with optional post-fix IPv4 address. | 
| mask | Shows rules based on the number of most significant bits to match data value. | 
| mask | Specifies mask value (1–144). Note: You cannot specify "0" because that
                  indicates no mask. | 
| data | Specifies showing rules based on the data (corresponds to type option). | 
| data | Specifies the data value to show (corresponds to type
                  option). You can query for any ‘Match data‘ field of the rule types. The data
                  can be full or partial string or a hexadecimal input that starts with “0x” or “0X”
                  or integer data values (for example: IPTTL, IPTOS, IPProto)  Note: Partial matches cannot be found
                    for rule types that have integer values (IPTTL, IPTOS, IPProto, Ether). Since
                    the data field for these rule types only accepts integers (or hex), and are not
                    mixed with IP addresses or ports, it made no sense to do partial matches for
                    these rule types.  | 
| actions | Shows rules with a specific action, such as CoS, drop, forward, mirror destination, and Syslog. | 
| drop | Shows rules that are set to drop any packets that match this rule. | 
| forward | Shows rules that are set to forward any packets that match this rule. | 
| -1 | Shows rules not assigned a drop or forward action. | 
| cos | Shows rules with the specified Class of Service (CoS). | 
| cos | Specifies the CoS (0–255 or -1). | 
| mirror-destination | Shows rules with the specified mirror destination. | 
| control_index | Specifies the mirror destination control index (1–4). | 
| syslog | Shows rules with Syslog enabled. | 
| detail | Specifies displaying all rule information in detail. | 
N/A.
This command provides information about all the rules in an access list and the policy profile index that the access list is associated with.

Note
"Rule Hit Count" is cleared whenever the access list is unassigned from a profile, or the profile's assigned access list changes.The following example shows information for the access-list "ACL1":
# show policy access-list list-name ACL1
PID |ACL/Rule/Match   |Match Data           |Msk|PortStr  |ST|TS|VLAN|CoS |Mir|
  1 |ACL1                   
       ace4                   
         UDPSrcPort   |135:192.168.0.1      | 22|
         TCPSrcPort   |111:123.190.0.1      | 24|All      |NV|  |drop|    |   |
       ace3                   
         TTL          |22 (0x16)            |  8|All      |NV|  |    |   3|   |
       ace2                   
         IPTOS        |2 (0x2)              |  8|All      |NV|  |    |   2|   |
       ace1                   
         Ether        |23 (0x17)            | 16|All      |NV|T |drop|    |   |
Rule Type - Rule Description: Port, MAC Address, IP address etc.
Rule Data - Varies depending on Rule Type
Mask      - Mask size for rule data where applicable
ST     - V-Volatile NV-NonVolatile
TS     - Flags:
  T-Traps S-Syslog
For Profile Identifer (PID) Rules:
  VLAN - VLAN ID, drop or forward (fwrd)
  CoS  - Class Of Service
Mir  - Mirror index if assigned or prohibited (pro)
      The following example shows detailed information about rules that are configured to drop packets:
# show policy access-list action drop detail 
========================================
Access-list:        :ACL1
Profile Index       :1
  Rule Name           :ace4
    Match Type 1      :UDP Source Port
    Match Data 1      :135:192.168.0.1            
    Match Mask 1      :22
    Actions 
      VLAN              :0    (Drop)
      COS               :-1   (Unconfigured)
      Mirror            :-1   (Unconfigured)
      Rule Hit Count    : 0
      Syslog Status     : Disabled
      Trap Status       : Disabled
  Rule Name           :ace1
    Match Type 1      :Ether Type
    Match Data 1      :23
    Match Mask 1      :16
    Actions 
      VLAN              :0    (Drop)
      COS               :-1   (Unconfigured)
      Mirror            :-1   (Unconfigured)
      Rule Hit Count    : 222
      Syslog Status     : Disabled
      Trap Status       : Enabled
========================================
      # show policy access-list actions forward
PID |ACL/Rule/Match   |Match Data           |Msk|PortStr  |ST|S|VLAN|CoS |Mir|
31  |ACE
       rule3
         IPDest       |10.4.5.6:22          | 48|
         TCPSrcPort   |62:10.7.8.9          | 48|All      |NV|S|fwrd|   1|  4|
31  |ACE
       rule4
         TCPDestPort  |22                   | 16|
         IPProto      |6 (0x6)              |  8|
         Ether        |2048 (0x800)         | 16|All      |NV|S|fwrd|   7|  2|
31  |ACE
       rule5
         UDPSrcPort   |162:192.1.2.3        | 48|
         UDPDestPort  |163:192.3.2.1        | 48|
         TTL          |5 (0x5)              |  8|
         IPTOS        |5 (0x5)              |  8|All      |NV|S|fwrd|   4|  2|
31  |ACE
       rule7
         IPSource     |10.124.8.9           | 32|
         IPProto      |6 (0x6)              |  8|
         Application  |Health Car ICICIPrude| 72|All      |NV|S|fwrd|   3|  1
# show policy access-list  actions cos -1
PID |ACL/Rule/Match   |Match Data           |Msk|PortStr  |ST|S|VLAN|CoS |Mir|
31  |ACE
       rule1
         IPSource     |10.1.2.3             | 32|
         ICMPType     |8.0                  | 16|
         Ether        |2048 (0x800)         | 16|All      |NV|S|drop|    |   |
ACL/Rule/Match:
# show policy access-list data IC
PID |ACL/Rule/Match   |Match Data           |Msk|PortStr  |ST|S|VLAN|CoS |Mir|
31  |ACE
       rule7
         IPSource     |10.124.8.9           | 32|
         IPProto      |6 (0x6)              |  8|
         Application  |Health Car ICICIPrude| 72|All      |NV|S|fwrd|   3|  1|
This command was first available in ExtremeXOS 30.5.
This command is available on all Universal switches supported in this document.