Monitoring static ACL performance

ACL statistics counters let you monitor ACL performance by displaying the current number of matches the switch has detected for each ACE in an ACL assigned to a switch interface. This helps determine whether a particular traffic type is being filtered by the intended ACE in an assigned list, or whether traffic from a particular device or network is being filtered as intended.

NOTE:

This section describes the command for monitoring static ACL performance. To monitor RADIUS-assigned ACL performance, use either of the following commands:


show access-list radius <all | port-list>

show port-access <authenticator | mac-based | web-based> clients <port-list> detailed

See Show RADIUS-assigned ACL activity.

Syntax


<show | clear> statistics

aclv4 <acl-name-str> port <port-#>

aclv4 <acl-name-str> vlan <vid> <in | out | vlan>

aclv6 <acl-name-str> port <port-#>

aclv6 <acl-name-str> vlan <vid> <in | out | vlan>

Displays the current match (hit) count per ACE for the specified IPv6 or IPv4 static ACL assignment on a specific interface.

show

Displays the current match (hit) count per ACE for the specified IPv6 or IPv4 static ACL assignment on a specific interface.

clear

Resets ACE hit counters to zero for the specified IPv6 or IPv4 static ACL assignment on a specific interface.

Total

This column lists the running total of the matches the switch has detected for the ACEs in an applied ACL since the ACL's counters were last reset to 0 (zero).

IPv6 and IPv4 ACL activity

ACL performance monitoring

The following figures show a sample of performance monitoring output for an IPv6 ACL assigned as a VACL.
IPv6 ACL performance monitoring output
IPv4 ACL assigned as a VACL performance monitoring output
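
Added example (not from the original page or the vendor): a Python sketch that compares two readings of the per-ACE running totals to show which ACEs are actually matching traffic, which have never matched, and whether the counters were cleared between readings. The figure output is not reproduced on this page, so the line layout parsed here, "(<total>) <sequence number> <ACE text>", is an assumption, and the sample text and function names are constructed for illustration.

```python
import re

# Constructed sample, not captured from a switch. Assumed layout: one ACE per
# line, written as "(<running total>) <sequence number> <ACE text>".
BEFORE = """\
 (        5)  10 permit icmp ::/0 2001:db8:20::2/128 128
 (        4)  20 deny tcp ::/0 2001:db8:20::2/128 eq 23 log
 (        0)  30 deny udp ::/0 2001:db8:20::3/128 eq 69
 (      136)  40 permit ipv6 ::/0 ::/0
"""
AFTER = """\
 (        5)  10 permit icmp ::/0 2001:db8:20::2/128 128
 (       19)  20 deny tcp ::/0 2001:db8:20::2/128 eq 23 log
 (        0)  30 deny udp ::/0 2001:db8:20::3/128 eq 69
 (      210)  40 permit ipv6 ::/0 ::/0
"""

ACE_LINE = re.compile(r"^\s*\(\s*(\d+)\)\s+(\d+)\s+(.+?)\s*$")

def parse_hit_counts(text):
    """Return {sequence number: (total, ACE text)} for each ACE line found."""
    aces = {}
    for line in text.splitlines():
        m = ACE_LINE.match(line)
        if m:
            aces[int(m.group(2))] = (int(m.group(1)), m.group(3))
    return aces

def compare_snapshots(before, after):
    """Classify each ACE by how its running total moved between two readings."""
    old, new = parse_hit_counts(before), parse_hit_counts(after)
    report = {"never_matched": [], "active": {}, "reset": []}
    for seq, (total, _ace) in sorted(new.items()):
        prev = old.get(seq, (0, ""))[0]
        if total < prev:
            # A running total only falls if the counters were reset in between.
            report["reset"].append(seq)
        elif total == 0:
            # No match yet: the ACE may be shadowed by an earlier entry.
            report["never_matched"].append(seq)
        elif total > prev:
            report["active"][seq] = total - prev
    return report

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER))
```

An ACE that stays at zero while a broader entry earlier in the list keeps counting is the usual sign that traffic is not being filtered by the intended ACE.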