
show acl hits


Description

Show internal ACL hit counters.

Syntax

No parameters.

Usage Guidelines

Issue this command to see the number of times an ACL defined a user’s role, or traffic and firewall policies for a user session.

Example

In the example below, the output of the User Role ACL Hits table is shown in two separate tables to allow the output to fit on a single page of this document. In the actual controller CLI, the User Role ACL Hits table is shown in a single, wide table.

(host) #show acl ace-table acl 1

User Role ACL Hits

------------------

Role Policy Src Dst

---- ------ --- ---

logon control any any

logon control any any

logon any any

visitor vp-control any any

visitor vp-control any any

visitor vp-access any any

visitor vp-access user mswitch-master

visitor vp-access any any

 

User Role ACL Hits

------------------

Service Action Dest/Opcode New Hits Total Hits Index

------- ------ ----------- -------- ---------- -----

svc-icmp permit 0 6 5052

svc-dhcp permit 0 2 5057

0 deny 0 53 5069

svc-dns permit 9 46079 4885

svc-dhcp permit 0 788 4886

svc-icmp permit 0 536 4887

svc-http permit 0 41 4889

6 9100-9100 permit 0 31 4892

Port Based Session ACL

----------------------

Policy Src Dst Service Action Dest/Opcode New Hits Total Hits Index

------ --- --- ------- ------ ----------- -------- ---------- -----

validuser 10.1.1.0 255.255.255.0 any any deny 0 214 4655

validuser any any any permit 6 2502 4656

 

Port ACL Hits

-------------

ACL ACE New Hits Total Hits Index

--- --- -------- ---------- -----

5 22 0 14 238

The output of this command includes the following information:

Parameter

Description

Role

Name of the role assigned by the ACL.

Policy

Name of the policy used by the ACL.

Src

The traffic source, which can be one of the following:

<alias>: Name of a user-defined alias for a network host, subnetwork, or range of addresses.

any: match any traffic.

host: specify a single host IP address.

network: specify the IP address and netmask.

user: represents the IP address of the user.

Dst

 

The traffic destination, which can be one of the following:

<alias>: Name of a user-defined alias for a network host, subnetwork, or range of addresses.

any: match any traffic.

host: specify a single host IP address.

network: specify the IP address and netmask.

user: represents the IP address of the user.

Service

Network service, which can be one of the following:

IP protocol number (0-255)

name of a network service (use the show netservice command to see configured services)

any: match any traffic

tcp: specify the TCP port number (0-65535)

udp: specify the UDP port number (0-65535)

Action

 

Action if rule is applied, which can be one of the following:

deny: reject packets

dst-nat: perform destination NAT on packets

dual-nat: perform both source and destination NAT on packets

permit: forward packets

redirect: specify the location to which packets are redirected

src-nat: perform source NAT on packets

Dest/Opcode

The datapath destination ID.

New Hits

Number of ACL hits that occurred since this command was last issued.

Total Hits

Total number of ACL hits recorded since the controller last reset.

Index

Index number of the ACL.

ACL

ACL number

ACE

ACE number

New Hits

Number of times the ACL was applied since this command was last issued.

Total Hits

Number of times the ACL was applied since the controller was last reset.

Index

Index number of the ACL.
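Added example (not part of the original command reference): because New Hits restarts each time anyone issues the command and Total Hits restarts when the controller resets, a monitoring script can derive per-entry hit counts from the Total Hits difference between its own polls. The sample text is constructed from the values above; the fixed-width layout with values left-aligned under the ruler, and Index identifying the same entry across polls, are assumptions.

```python
import re

# Constructed sample (not captured from a device): the Port Based Session ACL
# table with the page's values, laid out in fixed-width columns.
SNAP1 = """\
Port Based Session ACL
----------------------
Policy     Src                     Dst  Service  Action  Dest/Opcode  New Hits  Total Hits  Index
------     ---                     ---  -------  ------  -----------  --------  ----------  -----
validuser  10.1.1.0 255.255.255.0  any  any      deny                 0         214         4655
validuser  any                     any  any      permit               6         2502        4656
"""
# Later polls, also constructed: the same entries with higher totals, then a
# poll taken after a controller reset has restarted Total Hits.
SNAP2 = SNAP1.replace("214 ", "230 ").replace("2502", "2610")
SNAP3 = SNAP1.replace("214 ", "5   ").replace("2502", "40  ")

def parse_table(text, title):
    """Rows of one dash-ruled table as dicts. Column edges come from the
    ruler under the header, so empty cells (Dest/Opcode) and values that
    contain spaces (a network Src) stay in the right column."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    i = lines.index(title)
    header, ruler = lines[i + 2], lines[i + 3]
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [header[a:b].strip() for a, b in bounds]
    rows = []
    for n in range(i + 4, len(lines)):
        # A line followed by an unbroken dash underline is the next table's title.
        if n + 1 < len(lines) and set(lines[n + 1]) == {"-"}:
            break
        rows.append({k: lines[n][a:b].strip() for k, (a, b) in zip(names, bounds)})
    return rows

def hit_deltas(prev_rows, curr_rows):
    """Hits per entry between two polls, from Total Hits keyed by Index
    (assumption: Index identifies the same entry in both polls)."""
    prev = {r["Index"]: int(r["Total Hits"]) for r in prev_rows}
    deltas = {}
    for r in curr_rows:
        total, before = int(r["Total Hits"]), prev.get(r["Index"], 0)
        # A total lower than before means the counter restarted (controller
        # reset), so everything counted since then is new.
        deltas[r["Index"]] = total - before if total >= before else total
    return deltas

if __name__ == "__main__":
    t = "Port Based Session ACL"
    print(hit_deltas(parse_table(SNAP1, t), parse_table(SNAP2, t)))
```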

Command History

Command

Description

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system.

Enable or Config mode on Mobility Master.
