Cisco Nexus 7000 Series Command Reference Manual page 731
Hide thumbs
Also See for Nexus 7000 Series:
- Reference manual (746 pages) ,
- Configuration manual (536 pages) ,
- Hardware installation and reference manual (508 pages)
Table of Contents
Advertisement
Show Commands
• Whether the fragments command is configured for an IP ACL.
• The number of rules in the ACL configuration. This number does not reflect how many entries that the
• The interfaces that the ACL is applied to.
• The interfaces that the ACL is active on.
The show access-lists command displays statistics for each entry in an ACL if the following conditions are
both true:
• The ACL configuration contains the statistics per-entry command.
• The ACL is applied to an interface that is administratively up.
If an IP ACL includes the fragments command, it appears before the explicit permit and deny rules, but the
device applies the fragments command to noninitial fragments only if they do not match all other explicit
rules in the ACL.
This command does not require a license.
Examples
This example shows how to use the show access-lists command without specifying an ACL name on a device
that has one IP ACL and one MAC ACL configured:
switch# show access-lists
IP access list ip-v4-filter
MAC access list mac-filter
This example shows how to use the show access-lists command to display an IPv4 ACL named
ipv4-RandD-outbound-web, including per-entry statistics for the entries except for the MainLab object group:
switch# show access-lists ipv4-RandD-outbound-web
IP access list ipv4-RandD-outbound-web
This example shows how to use the show access-lists command to display an IPv4 ACL named
ipv4-RandD-outbound-web. The expanded keyword causes the contents of the object group from the previous
example to appear, including the per-entry statistics:
switch# show access-lists ipv4-RandD-outbound-web expanded
IP access list ipv4-RandD-outbound-web
This example shows how to use the show access-lists command with the summary keyword to display
information about an IPv4 ACL named ipv4-RandD-outbound-web, such as which interfaces the ACL is
applied to and active on:
switch# show access-lists ipv4-RandD-outbound-web summary
IPV4 ACL ipv4-RandD-outbound-web
ACL contains when the device applies it to an interface. If a rule in the ACL uses an object group, the
number of entries in the ACL when it is applied may be much greater than the number of rules.
10 permit ip any any
10 permit 00c0.4f00.0000 0000.00ff.ffff 0060.3e00.0000 0000.00ff.ffff ip
statistics per-entry
1000 permit ahp any any [match=732]
1005 permit tcp addrgroup MainLab any eq telnet
1010 permit tcp any any eq www [match=820421]
statistics per-entry
1000 permit ahp any any [match=732]
1005 permit tcp 10.52.34.4/32 any eq telnet [match=5032]
1005 permit tcp 10.52.34.27/32 any eq telnet [match=433]
1010 permit tcp any any eq www [match=820421]
Statistics enabled
Total ACEs Configured: 4
Cisco Nexus 7000 Series Security Command Reference
show access-lists
705
Advertisement
Table of Contents
