KB.15.15

Figure 191 Listing an IPv4 extended ACL

The show access-list identifier config command shows the same ACL data as show

access-list < identifier > but in the format used by the show < run | config >

commands to list the switch configuration. For example:

Figure 192 An ACL listed with the "Config" option

Table 26 Descriptions of data types included in show access-list < acl-id > output

DescriptionField

The ACL identifier. Can be a number from 1 to 199, or a name.Name

Standard or Extended. The former uses only source IPv4 addressing. The latter uses both source and

destination IPv4 addressing and also allows TCP or UDP port specifiers.

Type

"Yes" means the ACL has been applied to a port or VLAN interface. "No" means the ACL exists in the

switch configuration, but has not been applied to any interface, and is therefore not in use.

Applied

The sequential number of the Access Control Entry (ACE) in the specified ACL.SEQ

Lists the content of the ACEs in the selected ACL.Entry

Permit (forward) or deny (drop) a packet when it is compared to the criteria in the applicable ACE and

found to match. Includes the optional log option, if used, in deny actions.

Action

Displays any optional remark text configured for the selected ACE.Remark

Used for Standard ACLsIP

The source IPv4 address to which the configured mask is applied to determine whether there is a match

with a packet.

Used for Extended ACLsSrc IP

Same as above.

Used for Extended ACLsDst IP

280 IPv4 Access Control Lists (ACLs)