Access Security Guide K/KA/KB.15.15

Figure 208 Commands for applying an ACL with logging to Figure 207 (page 294)
Monitoring static ACL performance
ACL statistics counters let you monitor ACL performance by displaying the current number of
matches the switch has detected for each ACE in an ACL assigned to a switch interface. This
helps determine whether a particular traffic type is being filtered by the intended ACE in an
assigned list, or whether traffic from a particular device or network is being filtered as
intended.
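An added example (not from the guide) of the check described above: compare two snapshots of per-ACE hit counts, taken before and after sending test traffic, to see which ACE actually counted it. The output layout parsed here, the ACE text, and the function names are assumptions, and both snapshots are constructed.

```python
import re

# Assumed line layout: "(  <hits>)  <seq> <permit|deny> <rest of ACE>".
ACE_LINE = re.compile(r"^\s*\(\s*(\d+)\)\s+(\d+)\s+(permit|deny)\s+(.*\S)\s*$")

def parse_hits(text):
    """Return {seq: (hits, action, ace_text)} for every ACE line in text."""
    aces = {}
    for line in text.splitlines():
        m = ACE_LINE.match(line)
        if m:
            hits, seq, action, rest = m.groups()
            aces[int(seq)] = (int(hits), action, rest)
    return aces

def hit_deltas(before, after):
    """Per-ACE hit increase between two snapshots of the same ACL."""
    old, new = parse_hits(before), parse_hits(after)
    deltas = {}
    for seq, (hits, action, rest) in new.items():
        if seq not in old or old[seq][1:] != (action, rest):
            raise ValueError(f"ACE {seq} changed between snapshots")
        if hits < old[seq][0]:
            raise ValueError(f"ACE {seq} counter went backwards (cleared?)")
        deltas[seq] = hits - old[seq][0]
    return deltas

def check_intended_ace(before, after, intended_seq):
    """Return (intended ACE counted traffic, other ACEs whose counters moved)."""
    deltas = hit_deltas(before, after)
    others = sorted(s for s, d in deltas.items() if d > 0 and s != intended_seq)
    return deltas.get(intended_seq, 0) > 0, others

# Constructed snapshots (not real switch output), taken before and after
# sending test Telnet traffic that ACE 40 is supposed to deny.
BEFORE = """
 (     5)   10 permit icmp 10.10.20.3 0.0.0.0 10.10.20.2 0.0.0.0 8
 (   136)   30 permit tcp 10.10.20.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 23
 (     2)   40 deny tcp 10.10.20.3 0.0.0.0 10.10.20.1 0.0.0.0 eq 23
"""
AFTER = """
 (     5)   10 permit icmp 10.10.20.3 0.0.0.0 10.10.20.2 0.0.0.0 8
 (   139)   30 permit tcp 10.10.20.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 23
 (     2)   40 deny tcp 10.10.20.3 0.0.0.0 10.10.20.1 0.0.0.0 eq 23
"""

if __name__ == "__main__":
    ok, others = check_intended_ace(BEFORE, AFTER, intended_seq=40)
    print("intended ACE matched:", ok, "| other ACEs that matched:", others)
```

In the constructed data the deny at sequence 40 never increments while the broader permit at sequence 30 does, which is the pattern to look for when an earlier ACE is matching traffic meant for a later one.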
NOTE: This section describes the command for monitoring static ACL performance. To monitor
RADIUS-assigned ACL performance, use either of the following commands:
show access-list radius < all | port-list >
show port-access < authenticator | mac-based | web-based > clients < port-list > detailed
See “Displaying the current RADIUS-assigned ACL activity on the switch” (page 207).
Syntax:
< show | clear > statistics
aclv4 < acl-name-str > port < port-# >
aclv4 < acl-name-str > vlan < vid > < in | out | vlan >
aclv6 < acl-name-str > port < port-# >
aclv6 < acl-name-str > vlan < vid > < in | out | vlan >
Displays the current match (hit) count per ACE for the specified IPv6 or IPv4 static
ACL assignment on a specific interface.
show
Displays the current match (hit) count per ACE for the specified IPv6 or IPv4 static
ACL assignment on a specific interface.
clear