Modify existing commands
ACL grouping feature does not introduce new show commands. Although it does modify the output content to indicate if an ACL is shared on specified interface lists.
show configuration
Another method to see if the ACL is shared by
using show running-config
. Add shared keyword after
direction when the ACL is shared.
Syntax
show running-config
Output
; J9850A Configuration Editor; Created on release #KB.15.19.0000x ; Ver #08:6b.ff.f7.fc.7f.ff.3f.ef:c7 ip access-list extended "my-acl" 10 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 exit interface A1 ip access-group "my-acl" out shared exit interface A2 ip access-group "my-acl" out shared exit interface A3 ip access-group "my-acl" out shared exit no allow-v2-modules
show statistics
Add shared keyword after direction when the ACL is shared. When the ACL is shared the hit counts listed will be for the total hit counts of all the interface lists that ACL is applied to. To debug the specified interface list the user has to remove it from the shared ACL.
Syntax
show statistics aclv4 my-acl port a1 out
Example output
switch# show statistics aclv4 my-acl port a1 out Hit Counts for ACL my-acl shared Total ( 0 ) 10 permit tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
show access-list
The new feature will modify some of the existing output content in ‘show access-list ports’ and ‘show access-list vlan’. Added shared keyword after type. Yes/No to indicate whether the interface list is shared.
show access-list ports
Syntax
show access-list ports <PORT-LIST>
| all
Description
Show access-list ports by port list or all.
Options
Example
switch# show access-list ports all Access Lists for Port A1 IPv4 Outbound: my-acl Type: Extended Shared: Yes Access Lists for Port A2 IPv4 Outbound: my-acl Type: Extended Shared: Yes Access Lists for Port A3 IPv4 Outbound: my-acl Type: Extended Shared: Yes
show access-list vlan
Syntax
show access-list vlan <VLAN-ID>
| all
Description
Show the access-list for a VLAN by VLAN-ID or all.
Example
switch# show access-list vlan 1 Access Lists for VLAN 1 IPv4 Router Inbound : (None) IPv4 Router Outbound : (None) IPv4 VLAN Inbound : (None) IPv4 VLAN Outbound : my-acl Type: Extended Shared: Yes IPv4 Connection Rate Filter : (None) IPv6 Router Inbound : (None) IPv6 Router Outbound : (None) IPv6 VLAN Inbound : (None) IPv6 VLAN Outbound : (None)