Displays the specified ACL (Access Control List) zones, including their priority, applications, and the application priorities.
| Option | Description |
|---|---|
| any | Displays all zones on the specified interface. |
| port port | Displays all ACLs associated with the specified ports. |
| vlan vlan_name | Displays all ACLs associated with the specified VLAN (Virtual LAN). |
| zone_name | Specifies a zone to be displayed. |
| appl-name appl_name | Displays information by application within a zone. |
| priority number | Displays ACLs of the specified priority only, within an application area. |
| ingress | Displays ACLs applied to traffic in the ingress direction. |
| egress | Displays ACLs applied to traffic in the egress direction. |
| detail | Displays all ACLs applied to the specified interface. |
N/A.
Use this command to display the ACL zones, applications, and priorities.
Specifying a zone will show all the ACLs installed in the particular zone. Specifying a priority within a zone will show all the ACLs installed at a particular priority within a zone.
Use the detail keyword to display all ACLs installed on a given interface.
The following example displays the detailed view of the ACLs on port 1:1:
show access-list port 1:1 detail
The output of this command is similar to the following:
    # show access-list port 1:1 detail
    RuleNo  Application  Zone    Sub Zone
    ==================================
    1       CLI          myZone  1
    entry mac1 {
        if match all {
            ethernet-source-address 00:0c:29:e5:94:c1 ;
            destination-address 192.168.11.144/32 ;
        } then {
            count mac1 ;
        }
    }
    2       CLI          myZone  5
    entry mac51 {
        if match all {
            ethernet-source-address 00:0c:29:e5:94:51 ;
        } then {
            count mack51;
        }
    }
    3       CLI          myZone  5
    entry mac52 {
        if match all {
            ethernet-source-address 00:0c:29:e5:94:52 ;
        } then {
            count mac52 ;
        }
    }
The following example displays the detailed view of the priority 5 ACLs in the zone myZone on port 1:1:
    # show access-list port 1:1 zone myZone priority 5 detail
    RuleNo  Application  Zone    Sub Zone
    ==================================
    2       CLI          myZone  5
    entry mac51 {
        if match all {
            ethernet-source-address 00:0c:29:e5:94:51 ;
        } then {
            count mack51;
        }
    }
    3       CLI          myZone  5
    entry mac52 {
        if match all {
            ethernet-source-address 00:0c:29:e5:94:52 ;
        } then {
            count mac52 ;
        }
    }
The following example displays the priority 5 ACLs in the zone myZone on port 1:1:
    # show access-list port 1:1 zone myZone priority 5
    #Dynamic Entries ((*)- Rule is non-perminent )
    RuleNo  Name   Application  Zone    Sub-Zone
    1       mac51  CLI          myZone  5
    2       mac52  CLI          myZone  5
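For offline review of a saved configuration capture, the `detail` output shown above can be parsed into records and filtered by zone and priority without re-querying the switch. The following Python is an added example, not part of the Extreme documentation; the function names are hypothetical, and it assumes each entry has one `if` block and one `then` block with no nested braces.

```python
import re

# Constructed sample: the "detail" output shown on this page, re-wrapped.
SAMPLE = """\
# show access-list port 1:1 detail
RuleNo Application Zone Sub Zone
==================================
1 CLI myZone 1
entry mac1 { if match all {
    ethernet-source-address 00:0c:29:e5:94:c1 ;
    destination-address 192.168.11.144/32 ;
} then { count mac1 ; } }
2 CLI myZone 5
entry mac51 { if match all { ethernet-source-address 00:0c:29:e5:94:51 ;
} then { count mack51; } }
3 CLI myZone 5
entry mac52 { if match all { ethernet-source-address 00:0c:29:e5:94:52 ;
} then { count mac52 ; } }
"""

# One rule = header row (RuleNo, Application, Zone, Sub Zone) + policy entry.
# The Sub Zone column is the priority, as the page's "priority 5" example shows.
# Assumption: a single if-block and then-block per entry, no nested braces.
RULE_RE = re.compile(
    r"(?P<no>\d+)\s+(?P<app>\S+)\s+(?P<zone>\S+)\s+(?P<prio>\d+)\s+"
    r"entry\s+(?P<name>\S+)\s*\{\s*if(?:\s+match\s+(?:all|any))?\s*"
    r"\{(?P<match>[^{}]*)\}\s*then\s*\{(?P<then>[^{}]*)\}\s*\}"
)

def _statements(body):
    """Split a block body on ';' and normalise whitespace."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_detail(text):
    """Return one dict per ACL rule found in 'detail' output."""
    return [{
        "rule_no": int(m["no"]), "application": m["app"], "zone": m["zone"],
        "priority": int(m["prio"]), "entry": m["name"],
        "match": _statements(m["match"]), "actions": _statements(m["then"]),
    } for m in RULE_RE.finditer(text)]

def select(rules, zone=None, priority=None):
    """Mirror the command's 'zone <name> priority <n>' filter offline."""
    return [r for r in rules
            if (zone is None or r["zone"] == zone)
            and (priority is None or r["priority"] == priority)]

if __name__ == "__main__":
    for r in select(parse_detail(SAMPLE), zone="myZone", priority=5):
        print(r["rule_no"], r["entry"], r["match"], r["actions"])
```

Because the pattern matches on tokens rather than line layout, it also handles captures where the output has been collapsed onto a single line.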
This command was first available in ExtremeXOS 11.6.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.