acl-ip-show

Use this command to display information about ACLs configured on the switch.

Syntax   acl-ip-show name string id [action permit|deny] [proto tcp|udp|icmp|igmp|ip] [src-ip ip-address src-ip-mask netmask] [src-port src-port-number] [dst-ip ip-address] dst-ip-mask netmask] [dst-port dst-port-number] [vnet vnet-name] [vlan vlan-id] [scope local|fabric] [port port-number]

name string

Specifies the name of the ACL.

id

Species the ID assigned to the ACL.

action
permit | deny

Specifies the permission of the ACL to be either permit or deny.

scope

local|fabric

Specifies the scope of the ACL.

src-ip ip-address

Specifies the source IP address of the ACL.

src-ip-mask netmask

Specifies the source IP mask of the ACL.

dst-ip ip-address

Specifies the destination IP address of the ACL.

dst-ip-mask netmask

Specifies the destination IP mask of the ACL.

protocol [tcp|udp|icmp|igmp|ip

Specifies the protocol flag filter of the ACL.

src-port src-port-number]

Specifies the source port number.

dst-port dst-port-number

Specifies the destination port number

vnet vnet-name

Specify the name of the VNET.

vlan vlan-id

Specifies the VLAN to apply the ACL.

port port-number

If the scope is local, specifies the switch port of the ACL.

Formatting Options

To format the output for this command, use the formatting options:

format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.

sort-asc

Display output in ascending order.

sort-desc

Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.

show-headers|
no-show-headers

Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.

count-output

Display the number of entries in the output. This is useful with vRouter show commands.

unscaled

Display full values in the output instead of scaled approximate values.

raw-int-values

Display integer values instead of mapped values

sum-by

Aggregate output by specific parameters. If sum-by fields are specified, records that have the same value in sum-by fields are combined and displayed as one aggregate record. NOTE: This option is only available for show commands that collect statistics such as connection-stats-show.

Defaults   None

Access   CLI

History   Command introduced in nvOS Version 1.2.1.

Version 1.2.1

Command introduced.

Version 2.4

The option, igmp, added to the parameter, protocol.

Version 2.4.1

The parameter, vnet, added.

Usage   Displays the list of IP ACLS in the configuration. .


 

Informational Note:  The source or destination IP address/mask of 0.0.0.0/255.255.255.255 means any.

The source or destination IP address/mask of 208.74.182.229/0.0.0.0 is the same as “host 208.74.182.229”.

Examples  This example shows how to display all IP ACLs.

CLI network-admin@switch > acl-ip-show

name  id  action  prot  sip  smsk  sprt  dip  dmsk  dprt  vlan  scope  unit  

slot  port

 

test1 54147812341841995 deny udp 192.192.100.100 0.0.0.0 20 192.168.1.100

0.0.0.0 40 0 local 0 0 0

 

test2 54147812341841996 deny udp 192.192.100.100 0.255.255.255 20

192.168.1.100 0.0.255.255 40 0 local 0 0 0

 

 

See Also