Displays the syntax of a dynamic ACL.
| rule | Specifies the rule to display. |
| rule_li | Specifies the dynamic rule name for Lawful Intercept account only. You must have lawful intercept user privileges to specify this variable. |
| detail | Displays where the ACL has been applied. |
N/A.
None.
The following command displays the syntax of the dynamic ACL udpacl:
show access-list dynamic rule udpacl
The output of the command is similar to the following:
    entry udpacl {
        if match all {
            source-address 10.203.134.0/24 ;
            destination-address 140.158.18.16/32 ;
            protocol udp ;
            source-port 190 ;
            destination-port 1200 - 1250 ;
        } then {
            permit ;
        }
    }
The following command displays where the dynamic ACL udpacl has been applied:
show access-list dynamic rule udpacl detail
The output of the command is similar to the following:
    Rule udpacl has been applied to the following interfaces.

    Vlan Name    Port    Direction
    =================================
    *            1       ingress
The lawful intercept user can display the names of the existing dynamic ACLs and a count of how many times each is used when the following command is issued:
    * show access-list dynamic
    Dynamic Rules: ((*)- Rule is non-permanent )
        (*)hclag_arp_0_4_96_51_fe_b2 Bound to 0 interfaces for application HealthCheckLAG
        (*)idmgmt_def_blacklist Bound to 0 interfaces for application IdentityManager
        (*)idmgmt_def_whitelist Bound to 0 interfaces for application IdentityManager
        (*)mirror-data Bound to 2 interfaces for application CLI
Use the following command to see the conditions and actions for a dynamic ACL:
    * show access-list dynamic rule "mirror-data"
    entry mirror-data {
        if match all {
            source-address 10.66.9.8/24 ;
            protocol udp ;
        } then {
            permit ;
            mirror law_mirror ;
        }
    }
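The two output formats shown above can be parsed for configuration review. The following Python is an added example, not part of the ExtremeXOS documentation: it reads the rule listing and a rule entry, then reports rules bound to no interface and rules whose action list mirrors traffic. The function names are hypothetical and the sample input is constructed from the outputs on this page.

```python
import re

# Constructed sample input, shaped like the outputs shown on this page.
LISTING = """Dynamic Rules: ((*)- Rule is non-permanent )
(*)hclag_arp_0_4_96_51_fe_b2 Bound to 0 interfaces for application HealthCheckLAG
(*)idmgmt_def_blacklist Bound to 0 interfaces for application IdentityManager
(*)mirror-data Bound to 2 interfaces for application CLI"""
ENTRY = ("entry mirror-data { if match all { source-address 10.66.9.8/24 ; "
         "protocol udp ; } then { permit ; mirror law_mirror ; } }")

LIST_RE = re.compile(r"^(\(\*\))?(\S+)\s+Bound to (\d+) interfaces for application (\S+)$")
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if(?:\s+match\s+(all|any))?\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}", re.S)

def parse_listing(text):
    """Parse 'show access-list dynamic' output into one dict per rule."""
    rules = []
    for line in text.splitlines():
        m = LIST_RE.match(line.strip())
        if m:  # the header line and blank lines do not match and are skipped
            rules.append({"name": m.group(2), "permanent": m.group(1) is None,
                          "bound": int(m.group(3)), "application": m.group(4)})
    return rules

def _clauses(body):
    """Split 'key value ; key ;' into {key: value}; bare keys map to ''."""
    parts = (c.strip().split(None, 1) for c in body.split(";") if c.strip())
    return {p[0]: " ".join(p[1].split()) if len(p) > 1 else "" for p in parts}

def parse_entry(text):
    """Parse one 'entry NAME { if ... { } then { } }' block, flat or multi-line."""
    m = ENTRY_RE.search(text)
    if not m:
        raise ValueError("no ACL entry found")
    name, mode, conditions, actions = m.groups()
    return {"name": name, "match": mode,
            "conditions": _clauses(conditions), "actions": _clauses(actions)}

def audit(listing, entries):
    """Flag rules bound to no interface and rules that mirror traffic."""
    findings = [(r["name"], "bound to 0 interfaces")
                for r in parse_listing(listing) if r["bound"] == 0]
    for e in map(parse_entry, entries):
        if "mirror" in e["actions"]:
            findings.append((e["name"], "mirrors to " + e["actions"]["mirror"]))
    return findings

if __name__ == "__main__":
    print(*(f"{n}: {f}" for n, f in audit(LISTING, [ENTRY])), sep="\n")
```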
This command was first available in ExtremeXOS 11.3.
The detail keyword was added in ExtremeXOS 11.4.
The rule_li variable was added in ExtremeXOS 15.3.2.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.