Access Security Guide K/KA/KB.15.15
aclv6 acl-name-str vlan vid vlan
Displays the current match (hit) count per ACE for the specified IPv4 or IPv6 static
ACL assignment on a specific interface.
For example:
HP Switch# show statistics aclv6 IPV6-ACL vlan 20 vlan
HitCounts for ACL IPV6-ACL
Total Delta
( 12) ( 2) 10 permit icmp ::/0 fe80::20:2/128 128
( 6) ( 0) 20 deny tcp ::/0 fe80::20:2/128 eq 23 log
( 41) ( 10) 30 permit ipv6 ::/0 ::/0
The command displays a counter for each ACE in an ACL assigned to an interface
on the switch:
Total
This column lists the running total of the matches the switch has detected for the
ACEs in an applied ACL since the ACL's counters were last reset, and includes the
match count listed in the Delta column for the same ACE.
ACE Counter Operation
For a given ACE in an assigned ACL, both counters increment by 1 each time the
switch detects a packet that matches the criteria in that ACE. However, the Total
counter maintains the running total of the matches since the last reset, while the
Delta counter shows only the number of matches since either the last
show statistics [ aclv4] | [aclv6 >]
command or the last time all counters in the ACL were reset.
For example, in line 10 below, there has been a total of 37 matches on the ACE
in line 10 since the last time the ACL's counters were reset, and 9 of those matches
have occurred after the last show statistics aclv4 command.
Total Delta
( 37) ( 9) 10 permit ip 0.0.0.0 255.255.255...
NOTE: This ACL monitoring feature does not include hits on the "implicit deny"
that is included at the end of all ACLs.
Resetting ACE Hit Counters to Zero:
• Removing an ACL from an interface zeros the ACL's ACE counters for that
interface only.
• For a given ACL, either of the following actions clear the ACE counters to zero
for all interfaces to which the ACL is assigned.
• adding or removing a permit or deny ACE in the ACL
• rebooting the switch
Overview 333