Descriptions of data types included in show access-list command output

Table 15: Descriptions of data types included in show access-list acl-id output

Field

Description

Name

The ACL identifier. For IPv6 ACLs, is an alphanumeric name. For IPv4 ACLs, can be a number from 1 to 199 or an alphanumeric name.

Type

IPv6, Standard, or Extended. IPv6 ACLs use a source and a destination address, plus IPv6 protocol specifiers.
  • Standard ACLs are IPv4 only, and use only a source IP address.

  • Extended ACLs are available in IPv4 only, and use both source and destination IP addressing, as well as other IP protocol specifiers.

Applied

Yes

means that the ACL has been applied to an interface. No means that the ACL exists in the switch configuration, but has not been applied to any interface, and is therefore not in use.

SEQ

The sequential number of the ACE in the specified ACL.

Entry

Lists the content of the ACEs in the selected ACL.

Action

Permit (forward) or deny (drop) a packet when it is compared to the criteria in the applicable ACE and found to match. Includes the optional log option, if used, in deny or permit actions.

Remark

Displays any optional remark text configured for the selected ACE.

IP

Used for IPv4 standard ACEs: The source IPv4 address to which the configured mask is applied to determine whether there is a match with a packet.

Src IP

Used for IPv6 ACEs and IPv4 extended ACEs: The source IPv6 or IPv4 address to which the configured mask is applied to determine whether there is a match with a packet.

Dst IP

Used for IPv6 ACEs and IPv4 extended ACEs: The source and destination IP addresses to which the corresponding configured masks are applied to determine whether there is a match with a packet.

Mask

Used in IPv4 ACEs, the mask is configured in an ACE and applied to the corresponding IP address in the ACE to determine whether a packet matches the filtering criteria.

Prefix Len (source and destination)

Used in IPv6 ACEs to specify the number of consecutive high-order (leftmost) bits of the source and destination addresses configured in an ACE to be used to determine a match with a packet being filtered by the ACE.

Proto

Used in IPv6 ACEs and IPv4 extended ACEs to specify the packet protocol type to filter.

Port

Used in IPv4 extended ACEs to show any TCP or UDP operator and port numbers included in the ACE.

Src Ports Dst Ports

Used in IPv6 ACEs to show TCP or UDP source and destination operator and port numbers included in the ACE.

DSCP

Used in IPv6 ACEs to show the DSCP precedence or codepoint setting, if any.

TOS

Used in IPv4 extended ACEs to indicate type-of-service setting, if any.

Precedence

Used in IPv4 extended ACEs to indicate the IP precedence setting, if any.