show access-list interface

show access-list {rule rule {start} } [ any | port port | vlan vlan_name ] {zone zone_name { appl-name appl_name {priority number }}} {ingress | egress} {detail}

Description

Displays the specified ACL zones, including their priority, applications, and the application priorities.

Syntax Description


any	Displays all zones on the specified interface.
port `port`	Displays all ACLs associated with the specified ports.
vlan `vlan_name`	Displays all ACLs associated with the specified VLAN.
`zone_name`	Specifies a zone to be displayed.
appl-name `appl_name`	Displays information by application within a zone.
priority `number`	Displays ACLs of the specified priority only, within an application area.
ingress	Displays ACLs applied to traffic in the ingress direction.
egress	Displays ACLs applied to traffic in the egress direction.
detail	Displays all ACLs applied to the specified interface.

Default

N/A.

Usage Guidelines

Use this command to display the ACL zones, applications, and priorities.

Specifying a zone will show all the ACLs installed in the particular zone. Specifying a priority within a zone will show all the ACLs installed at a particular priority within a zone.

Use the detail keyword to display all ACLs installed on a given interface.

Example

The following example displays the detailed view of the ACLs on port 1:1:

show access-list port 1:1 detail

The output of this command is similar to the following:

# show access-list port 1:1  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	1	CLI		myZone	1
entry mac1 {
if match all {
ethernet-source-address 00:0c:29:e5:94:c1 ;
destination-address 192.168.11.144/32 ;
} then {
count mac1 ;
} }
	2	CLI		myZone	5
entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }

The following example displays the detailed view of the priority 5 ACLs in the zone myzone on port 1:1:

# show access-list port 1:1  zone myZone priority 5  detail
RuleNo  	Application    Zone        Sub Zone
==================================
	2	CLI		myZone	5
 entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
	3	CLI		myZone	5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }

The following example displays the priority 5 ACLs in the zone myzone on port 1:1:

# show access-list port 1:1  zone myZone priority 5
#Dynamic Entries  ((*)- Rule is non-perminent )
RuleNo      Name                             Application     Zone             Sub-Zone
1	      mac51		         CLI	        myZone         5
2	      mac52		         CLI	        myZone         5

History

This command was first available in ExtremeXOS 11.6.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.