show access-list interface

show access-list {rule rule {start} } [ any | port port | vlan vlan_name ] {zone zone_name { appl-name appl_name {priority number }}} {ingress | egress} {detail}

Description

Displays the specified ACL (Access Control List) zones, including their priority, applications, and the application priorities.

Syntax Description

any                   Displays all zones on the specified interface.
port port             Displays all ACLs associated with the specified ports.
vlan vlan_name        Displays all ACLs associated with the specified VLAN (Virtual LAN).
zone_name             Specifies a zone to be displayed.
appl-name appl_name   Displays information by application within a zone.
priority number       Displays ACLs of the specified priority only, within an application area.
ingress               Displays ACLs applied to traffic in the ingress direction.
egress                Displays ACLs applied to traffic in the egress direction.
detail                Displays all ACLs applied to the specified interface.

Default

N/A.

Usage Guidelines

Use this command to display the ACL zones, applications, and priorities.

Specifying a zone will show all the ACLs installed in the particular zone. Specifying a priority within a zone will show all the ACLs installed at a particular priority within a zone.

Use the detail keyword to display all ACLs installed on a given interface.

Example

The following example displays the detailed view of the ACLs on port 1:1:

show access-list port 1:1 detail

The output of this command is similar to the following:

# show access-list port 1:1  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	1	CLI		myZone	1
entry mac1 {
if match all {
ethernet-source-address 00:0c:29:e5:94:c1 ;
destination-address 192.168.11.144/32 ;
} then {
count mac1 ;
} }
	2	CLI		myZone	5
entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }
 

The following example displays the detailed view of the priority 5 ACLs in the zone myZone on port 1:1:

# show access-list port 1:1  zone myZone priority 5  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	2	CLI		myZone	5
 entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }
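
The detail output above has a regular shape: a RuleNo/Application/Zone/Sub Zone line followed by an entry block with its match conditions and actions. The following Python parser is an added example, not part of the ExtremeXOS documentation; the names parse_detail and no_explicit_action and the sample text are constructed here. It lists entries whose then block contains no explicit permit or deny, which are worth a look during an ACL review.

```python
import re

# Constructed sample in the page's detail format; the deny line is added here for contrast.
SAMPLE = """\
RuleNo  \tApplication    Zone        Sub Zone
==================================
\t1\tCLI\t\tmyZone\t1
entry mac1 {
if match all {
ethernet-source-address 00:0c:29:e5:94:c1 ;
destination-address 192.168.11.144/32 ;
} then {
count mac1 ;
} }
\t2\tCLI\t\tmyZone\t5
entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
deny ;
count mac51 ;
} }
"""

HEADER = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)$")  # RuleNo App Zone SubZone

def parse_detail(text):
    """Parse 'show access-list ... detail' output into a list of rule dicts."""
    rules, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            rules.append({"rule": int(m[1]), "application": m[2], "zone": m[3],
                          "sub_zone": int(m[4]), "name": "", "match": [], "then": []})
            section = None
        elif line.startswith("entry "):
            rules[-1]["name"] = line.split()[1]
        elif line.startswith("if"):
            section = rules[-1]["match"]   # lines up to '} then {' are conditions
        elif line.startswith("} then"):
            section = rules[-1]["then"]    # lines up to '} }' are actions
        elif line.startswith("}"):
            section = None
        elif section is not None and line:
            section.append(line.rstrip(";").strip())
    return rules

def no_explicit_action(rules):
    """Entry names whose 'then' block contains neither permit nor deny."""
    return [r["name"] for r in rules if not {"permit", "deny"} & set(r["then"])]
```
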

The following example displays the priority 5 ACLs in the zone myZone on port 1:1:

# show access-list port 1:1  zone myZone priority 5
#Dynamic Entries  ((*)- Rule is non-perminent )
RuleNo      Name                             Application     Zone             Sub-Zone
1	      mac51		         CLI	        myZone         5
2	      mac52		         CLI	        myZone         5

History

This command was first available in ExtremeXOS 11.6.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.