Use this command to display information about ACLs configured on the switch.

Syntax   acl-ip-show name string id [action permit|deny] [proto tcp|udp|icmp|igmp|ip] [src-ip ip-address src-ip-mask netmask] [src-port src-port-number] [dst-ip ip-address] dst-ip-mask netmask] [dst-port dst-port-number] [vnet vnet-name] [vlan vlan-id] [scope local|fabric] [port port-number]

name string

Specifies the name of the ACL.


Species the ID assigned to the ACL.

permit | deny

Specifies the permission of the ACL to be either permit or deny.



Specifies the scope of the ACL.

src-ip ip-address

Specifies the source IP address of the ACL.

src-ip-mask netmask

Specifies the source IP mask of the ACL.

dst-ip ip-address

Specifies the destination IP address of the ACL.

dst-ip-mask netmask

Specifies the destination IP mask of the ACL.

protocol [tcp|udp|icmp|igmp|ip

Specifies the protocol flag filter of the ACL.

src-port src-port-number]

Specifies the source port number.

dst-port dst-port-number

Specifies the destination port number

vnet vnet-name

Specify the name of the VNET.

vlan vlan-id

Specifies the VLAN to apply the ACL.

port port-number

If the scope is local, specifies the switch port of the ACL.

Formatting Options

To format the output for this command, use the formatting options:

format fields-to-display

Display output using a specific parameter. Use all to display all possible output.

parsable-delim character

Display output formatted for machine parsing using a specified delimiter.


Display output in ascending order.


Display output in descending order.

show dups

Display duplicate entries in the output.

layout vertical|horizontal

Format the output in a vertical or horizontal layout.

show-interval seconds-interval

Repeat the show command at a specified interval.


Display column headers or not.

limit-output number

Limit the display output to a specific number of entries.


Display the number of entries in the output. This is useful with vRouter show commands.


Display full values in the output instead of scaled approximate values.


Display integer values instead of mapped values


Aggregate output by specific parameters. If sum-by fields are specified, records that have the same value in sum-by fields are combined and displayed as one aggregate record. NOTE: This option is only available for show commands that collect statistics such as connection-stats-show.

Defaults   None

Access   CLI

History   Command introduced in nvOS Version 1.2.1.

Version 1.2.1

Command introduced.

Version 2.4

The option, igmp, added to the parameter, protocol.

Version 2.4.1

The parameter, vnet, added.

Usage   Displays the list of IP ACLS in the configuration. .


Informational Note:  The source or destination IP address/mask of means any.

The source or destination IP address/mask of is the same as “host”.

Examples  This example shows how to display all IP ACLs.

CLI network-admin@switch > acl-ip-show

name  id  action  prot  sip  smsk  sprt  dip  dmsk  dprt  vlan  scope  unit  

slot  port


test1 54147812341841995 deny udp 20 40 0 local 0 0 0


test2 54147812341841996 deny udp 20 40 0 local 0 0 0



See Also