show access-list dynamic rule

show access-list dynamic rule [rule | rule_li] detail

Description

Displays the syntax of a dynamic ACL (Access Control List).

Syntax Description

rule      Specifies the rule to display.
rule_li   Specifies the dynamic rule name for the Lawful Intercept account only. You must have lawful intercept user privileges to specify this variable.
detail    Displays where the ACL has been applied.

Default

N/A.

Usage Guidelines

None.

Example

The following command displays the syntax of the dynamic ACL udpacl:

show access-list dynamic rule udpacl

The output of the command is similar to the following:

entry udpacl {
if match all {
source-address 10.203.134.0/24 ;
destination-address 140.158.18.16/32 ;
protocol udp ;
source-port 190 ;
destination-port 1200 - 1250 ;
} then {
permit  ;
} }

The following command displays where the dynamic ACL udpacl has been applied:

show access-list dynamic rule udpacl detail

The output of the command is similar to the following:

Rule udpacl has been applied to the following interfaces.
Vlan Name    Port   Direction
=================================
*            1      ingress

The lawful intercept user can display the names of the existing dynamic ACLs, and a count of how many times each is used, by issuing the following command:

* show access-list dynamic   
Dynamic Rules: ((*)- Rule is non-permanent )       
(*)hclag_arp_0_4_96_51_fe_b2  Bound to 0 interfaces for application HealthCheckLAG   
(*)idmgmt_def_blacklist       Bound to 0 interfaces for application IdentityManager   
(*)idmgmt_def_whitelist       Bound to 0 interfaces for application IdentityManager   
(*)mirror-data                Bound to 2 interfaces for application CLI    

Use the following command to see the conditions and actions for a dynamic ACL:

* show access-list dynamic rule "mirror-data"   
entry mirror-data {   
if match all {       
    source-address 10.66.9.8/24 ;       
    protocol udp ;   
} then {       
    permit ;       
    mirror law_mirror ;   
} }
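
When auditing a switch configuration, the rule output shown above can be captured and checked by a script. The following is an added example, not part of the ExtremeXOS documentation: it parses the entry syntax shown on this page and reports rules that copy traffic to a mirror. The function names and the review heuristics are assumptions made for this example, and the sample text is the mirror-data output from above.

```python
import re

# Constructed sample: the "mirror-data" output shown above, as captured text.
SAMPLE = """entry mirror-data {
if match all {
    source-address 10.66.9.8/24 ;
    protocol udp ;
} then {
    permit ;
    mirror law_mirror ;
} }"""

# entry <name> { if match <mode> { <conditions> } then { <actions> } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>\S+)\s*\{\s*if\s+match\s+(?P<mode>\w+)\s*"
    r"\{(?P<conds>[^{}]*)\}\s*then\s*\{(?P<acts>[^{}]*)\}\s*\}", re.S)

def statements(body):
    """Split a ';'-terminated block into (keyword, argument) pairs."""
    pairs = []
    for stmt in body.split(";"):
        words = stmt.split()
        if words:
            pairs.append((words[0], " ".join(words[1:])))
    return pairs

def parse_entries(text):
    """Return one dict per ACL entry found in captured CLI output."""
    return [{
        "name": m["name"],
        "match": m["mode"],
        "conditions": dict(statements(m["conds"])),
        "actions": statements(m["acts"]),
    } for m in ENTRY_RE.finditer(text)]

def audit(entry):
    """Review heuristics chosen for this example, not vendor guidance."""
    findings = []
    for keyword, arg in entry["actions"]:
        if keyword == "mirror":
            findings.append(f"{entry['name']}: traffic copied to mirror '{arg}'")
    scoped = {"source-address", "destination-address"} & set(entry["conditions"])
    if ("permit", "") in entry["actions"] and not scoped:
        findings.append(f"{entry['name']}: permit with no address condition")
    return findings

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["name"], e["conditions"], audit(e))
```
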

History

This command was first available in ExtremeXOS 11.3.

The detail keyword was added in ExtremeXOS 11.4.

The rule_li variable was added in ExtremeXOS 15.3.2.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.