Displays the ACLs configured on an interface.
aclname | Specifies the ACL name. The name can be from 1-32 characters long. |
any | Specifies the wildcard ACL. |
port_list | Specifies which ports‘ ACLs to display. |
vlan_name | Specifies which This command is available on the ExtremeSwitching X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, 5520 series switches.‘s ACL to display. |
ingress | Display ingress ACLs. |
egress | Display egress ACLs. |
The default is to display all interfaces, ingress.
The ACL with the port and VLAN displayed as an asterisk (*) is the wildcard ACL.
If you do not specify an interface, the policy names for all the interfaces are displayed, except that dynamic ACL rule names are not displayed. To display dynamic ACLs use the following commands:
show access-list dynamic
show access-list dynamic rule rule {detail}
If you specify an interface, all the policy entries, and dynamic policy entries are displayed.
The following command displays all the interfaces configured with an ACL:
show access-list
The output from this command is similar to:
Vlan Name Port Policy Name Dir Rules Dyn Rules ================================================================== * 3:6 TCP_flag ingress 3 2 * 3:8 qos_hongkong ingress 3 0 * 2:1 tc_2.4 ingress 4 0 * 2:7 tcp ingress 1 0 v1 * tcp ingress 1 0 * * firewall1 ingress 2 1
The following command displays the ingress access list entries configured on the VLAN v1006:
show access-list v1006 ingress
The output from this command is similar to the following:
# RuleNo 1 entry dacl13 { #Dynamic Entry if match all { ethernet-destination-address 00:01:05:00:00:00 ; } then { count c13 ; redirect 1.1.5.100 ; } } # RuleNo 2 entry dacl14 { #Dynamic Entry if match all { ethernet-source-address 00:01:05:00:00:00 ; } then { count c14 ; qosprofile qp7 ; } } # RuleNo 3 entry dacl13 { if match all { ethernet-destination-address 00:01:05:00:00:00 ; } then { count c13 ; redirect 1.1.5.100 ; } }
This command was first available in ExtremeXOS 10.1.
The aclname option was removed in ExtremeXOS 11.1.
The ingress, egress, any, ports, and vlan options were added in ExtremeXOS 11.3.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.