Displays the specified ACL (Access Control List) zones, including their priority, applications, and the application priorities.
| any | Displays all zones on the specified interface. | 
| port port | Displays all ACLs associated with the specified ports. | 
| vlan vlan_name | Displays all ACLs associated with the specified VLAN. | 
| zone_name | Specifies a zone to be displayed. | 
| appl-name appl_name | Displays information by application within a zone. | 
| priority number | Displays ACLs of the specified priority only, within an application area. | 
| ingress | Displays ACLs applied to traffic in the ingress direction. | 
| egress | Displays ACLs applied to traffic in the egress direction. | 
| detail | Displays all ACLs applied to the specified interface. | 
N/A.
Use this command to display the ACL zones, applications, and priorities.
Specifying a zone will show all the ACLs installed in the particular zone. Specifying a priority within a zone will show all the ACLs installed at a particular priority within a zone.
Use the detail keyword to display all ACLs installed on a given interface.
The following example displays the detailed view of the ACLs on port 1:1:
show access-list port 1:1 detail
The output of this command is similar to the following:
# show access-list port 1:1  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	1	CLI		myZone	1
entry mac1 {
if match all {
ethernet-source-address 00:0c:29:e5:94:c1 ;
destination-address 192.168.11.144/32 ;
} then {
count mac1 ;
} }
	2	CLI		myZone	5
entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }
 
      The following example displays the detailed view of the priority 5 ACLs in the zone myzone on port 1:1:
# show access-list port 1:1  zone myZone priority 5  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	2	CLI		myZone	5
 entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }
      The following example displays the priority 5 ACLs in the zone myzone on port 1:1:
# show access-list port 1:1 zone myZone priority 5 #Dynamic Entries ((*)- Rule is non-perminent ) RuleNo Name Application Zone Sub-Zone 1 mac51 CLI myZone 5 2 mac52 CLI myZone 5
This command was first available in ExtremeXOS 11.6.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X870, X440-G2, X620 series switches.
 Print
                        this page
Print
                        this page Email this topic
Email this topic Feedback
Feedback View PDF
View PDF Download EPUB
Download EPUB