
show ip access-list

show ip access-list
brief [ipv4|ipv6]
<string>

Description

This command displays a table of all configured ACLs, or shows the details of a specific ACL.

Syntax

Parameter  Description
---------  -----------
brief      Display a table of information for all ACLs.
<string>   Specify the name of a single ACL to display detailed information on that ACL.

Examples

The example below shows general information for all ACLs in the Access List table.

(host) [mynode] #show ip access-list brief

Access list table (4 - IPv4, 6 - IPv6)
--------------------------------------
Name                         Type         Use Count  Roles
----                         ----         ---------  -----
allow-diskservices           session(4)
allow-printservices          session(4)
allowall                     session(46)  3          default-via-role default-vpn-role authenticated
ap-acl                       session(4)   1          ap-role
ap-uplink-acl                session(4)
apprf-authenticated-sacl     session      1          authenticated
apprf-default-via-role-sacl  session      1          default-via-role
apprf-default-vpn-role-sacl  session      1          default-vpn-role
apprf-guest-sacl             session      1          guest
apprf-stateful-dot1x-sacl    session      1          stateful-dot1x
apprf-voice-sacl             session      1          voice
captiveportal                session(4)   2          guest-logon logon
captiveportal6               session(6)   2          guest-logon logon

The output of this command includes the following parameters:

Parameter  Description
---------  -----------
Name       Name of an ACL.
Type       Shows that the ACL is one of the following ACL policy types: Ethertype, Standard, Session, MAC, or Extended.
Use Count  Number of rules defined in the ACL.
Roles      Names of user roles associated with the ACL.

Include the name of a specific ACL to show detailed configuration information for that ACL. The output in the example below has been divided into two sections to better fit in this document. The output in the CLI will appear in a single, long table.

(host) [mynode] # show ip access-list captiveportal6

ip access-list session captiveportal6
captiveportal6
--------------
Priority  Source  Destination  Service          Application  Action   NextHopList  TimeRange
--------  ------  -----------  -------          -----------  ------   -----------  ---------
1         user    md-6         svc-https                     captive
2         user    any          svc-http                      captive
3         user    any          svc-https                     captive
4         user    any          svc-http-proxy1               captive
5         user    any          svc-http-proxy2               captive
6         user    any          svc-http-proxy3               captive

Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  IPv4/6  Contract
---  -------  -----  ---  -----  ---------  ------  -------  ------  --------
              Low                                            6
              Low                                            6
              Low                                            6
              Low                                            6
              Low                                            6
              Low                                            6

The output of the show ip access-list command may include some or all of the following parameters:

Parameter    Description
---------    -----------
Priority     Name of an access-control list (ACL).

Source       The traffic source, which can be one of the following:
             alias: The network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases).
             any: Matches any traffic.
             host: A single host IP address.
             network: The IP address and netmask.
             user: The IP address of the user.
             localip: The set of all local IP addresses on the system on which the ACL is applied.

Destination  The traffic destination, which can be one of the following:
             alias: The network resource (use the netdestination command to configure aliases; use the show netdestination command to see configured aliases).
             any: Matches any traffic.
             host: A single host IP address.
             network: An IP address and netmask.
             user: The IP address of the user.
             localip: The set of all local IP addresses on the system on which the ACL is applied.

Service      Network service, which can be one of the following:
             An IP protocol number (0-255).
             The name of a network service (use the show netservice command to see configured services).
             any: Matches any traffic.
             tcp: A TCP port number (0-65535).
             destination port number: Specify the TCP port number (0-65535).
             source: TCP or UDP source port number.
             udp: A UDP port number (0-65535).

Application  Name of the application to which the ACL is applied. (For a complete list of supported applications, issue the command show dpi application all.)

Action       Action if the rule is applied, which can be one of the following:
             deny: Reject packets.
             dst-nat: Perform destination NAT on packets.
             dual-nat: Perform both source and destination NAT on packets.
             permit: Forward packets.
             redirect: Specify the location to which packets are redirected, which can be one of the following:
                 Datapath destination ID (0-65535).
                 esi-group: Specify the ESI server group configured with the esi group command.
                 opcode: Specify the datapath destination ID (0x33, 0x34, or 0x82). Do not use this parameter without proper guidance from Aruba.
                 tunnel: Specify the ID of the tunnel configured with the interface tunnel command.
             src-nat: Perform source NAT on packets.

IpsecMap     Packets can be redirected over a VPN tunnel by specifying the name of an IPsec map in the ACL. This column specifies the name of an IPsec map used by a router ACL. For more information on IPsec maps, see crypto-local ipsec-map.

TimeRange    Any defined time range for this rule.

NextHopList  If the access rule uses PBR to forward packets to a next-hop device, this column displays the next-hop list associated with the rule. For more information on next-hop lists, see ip nexthop-list.

Tunnel       Packets can be redirected over an L3 GRE tunnel. If the ACL routes packets over a tunnel, this column specifies the tunnel used by the ACL.

TunnelGroup  Packets can be redirected over an L3 GRE tunnel group. If the ACL routes packets over a tunnel in a tunnel group, this column specifies the tunnel group used by the ACL. For more information on tunnel groups, see tunnel-group.

Log          Shows if the rule was configured to generate a log message when the rule is applied.

Expired      Shows if the rule has expired.

Queue        Shows if the rule assigns a matching flow to a priority queue (high or low).

8021P        802.1p priority level applied by the rule (0-7).

Blacklist    Shows if the rule should blacklist any matching user.

Mirror       Shows if the rule was configured to mirror all session packets to a datapath or remote destination.

DisScan      Shows if the rule was configured to pause ARM scanning while traffic is present.

IPv4/6       Shows the IP version.

Contract     Shows the bandwidth contract status.
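Both outputs shown above are whitespace-aligned tables with blank cells, so splitting a row on whitespace silently shifts values into the wrong column (a rule with an empty Application cell would have its Action read as its Application). The following Python is an added example, not part of the ArubaOS documentation or product: it takes the column starts from the dashed underline row, slices every row at those offsets, and then uses the parsed rows to list ACLs that no role references and rules whose destination is any. The sample outputs are constructed to mirror the page's own examples (the per-ACL sample holds only the first half of the long rows), and the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample outputs (not captured from a controller). They are
# aligned the way the ArubaOS CLI prints them, with ACL and role names
# taken from the examples in this command reference.
BRIEF_SAMPLE = """\
Access list table (4 - IPv4, 6 - IPv6)
--------------------------------------
Name                 Type         Use Count  Roles
----                 ----         ---------  -----
allow-diskservices   session(4)
allowall             session(46)  3          default-via-role default-vpn-role authenticated
ap-acl               session(4)   1          ap-role
apprf-guest-sacl     session      1          guest
captiveportal6       session(6)   2          guest-logon logon
"""

# Only the first half of the per-ACL output; the CLI prints the Log ...
# Contract columns on the same (long) rows.
DETAIL_SAMPLE = """\
ip access-list session captiveportal6
captiveportal6
--------------
Priority  Source  Destination  Service          Application  Action   NextHopList  TimeRange
--------  ------  -----------  -------          -----------  ------   -----------  ---------
1         user    md-6         svc-https                     captive
2         user    any          svc-http                      captive
3         user    any          svc-https                     captive
4         user    any          svc-http-proxy1               captive
"""


def parse_table(text: str) -> List[Dict[str, str]]:
    """Split a whitespace-aligned CLI table into rows keyed by header name.

    Column starts come from the dashed underline row: the first line made
    only of dashes and spaces with two or more dash runs (the single-run
    underline below the ACL name is skipped). Each column runs from its
    dash start to the next column's start; the last column runs to end of
    line, so multi-word cells such as the Roles list stay intact.
    """
    lines = text.splitlines()
    for idx in range(1, len(lines)):
        line = lines[idx]
        starts = [m.start() for m in re.finditer(r"-+", line)]
        if len(starts) >= 2 and set(line.strip()) <= {"-", " "}:
            header, body = lines[idx - 1], lines[idx + 1:]
            break
    else:
        raise ValueError("no column underline row found")

    def cells(row: str) -> List[str]:
        out = []
        for k, start in enumerate(starts):
            end = starts[k + 1] if k + 1 < len(starts) else len(row)
            out.append(row[start:end].strip())   # short rows yield ""
        return out

    names = cells(header)
    rows = []
    for row in body:
        if not row.strip():      # a table ends at the first blank line
            break
        rows.append(dict(zip(names, cells(row))))
    return rows


def parse_brief(text: str) -> List[dict]:
    """Rows of 'show ip access-list brief' with a typed use count and role list."""
    return [
        {
            "name": r["Name"],
            "type": r["Type"],
            "use_count": int(r["Use Count"] or 0),   # blank cell -> 0
            "roles": r["Roles"].split(),
        }
        for r in parse_table(text)
    ]


def unreferenced_acls(acls: List[dict]) -> List[str]:
    """ACLs with nothing in the Roles column: stale policy worth reviewing."""
    return [a["name"] for a in acls if not a["roles"]]


def acls_by_role(acls: List[dict]) -> Dict[str, List[str]]:
    """Invert the table: which ACLs does each user role reference?"""
    index: Dict[str, List[str]] = {}
    for a in acls:
        for role in a["roles"]:
            index.setdefault(role, []).append(a["name"])
    return index


def parse_rules(text: str) -> List[dict]:
    """Rules of 'show ip access-list <string>' with an integer Priority."""
    rules = parse_table(text)
    for r in rules:
        r["Priority"] = int(r["Priority"])
    return rules


def rules_to_any_destination(rules: List[dict]) -> List[int]:
    """Priorities of rules whose Destination is 'any' (the broadest matches)."""
    return [r["Priority"] for r in rules if r["Destination"] == "any"]


if __name__ == "__main__":
    acls = parse_brief(BRIEF_SAMPLE)
    print("unreferenced:", unreferenced_acls(acls))
    print("by role:", acls_by_role(acls))
    print("any-destination rules:", rules_to_any_destination(parse_rules(DETAIL_SAMPLE)))
```

Feed saved show ip access-list output to the same functions instead of the samples to review a controller's ACL set; for an ACL other than a captive-portal one, the any-destination list is where a permit rule that is wider than intended shows up. The parser assumes the CLI pads each column to a fixed width, as in the examples above; a cell that spilled past the next column's start would be split across two keys.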

Related Commands

Command                 Description
-------                 -----------
ip access-list session  Configure an access list for an interface.

Command History

Release          Modification
-------          ------------
ArubaOS 8.0.0.0  Command introduced.

Command Information

Platforms      License                 Command Mode
---------      -------                 ------------
All platforms  Base operating system.  Enable or Config mode on Mobility Master.
