Quality of Service Commands / MAC Access Control List Commands
Parent topic: MAC Access Control List Commands

show mac access-lists

This command displays summary information for all Mac Access lists and ACL rule hit count of packets matching the configured ACL rule within an ACL. This counter value rolls-over on reaching the maximum value. There is a dedicated counter for each ACL rule. ACL counters do not interact with PBR counters.

For ACL with multiple rules, once a match occurs at any one specific rule, counters associated with this rule only get incremented (for example, consider an ACL with three rules, after matching rule two, counters for rule three would not be incremented).

For ACL counters, If an ACL rule is configured without RATE-LIMIT, the counter value is count of forwarded/discarded packets. (For example: For a burst of 100 packets, the Counter value is 100).

If the ACL rule is configured with RATE LIMIT, the counter value is the MATCHED packet count. If the sent traffic rate exceeds the configured limit, the counters still display matched packet count (despite getting dropped beyond the configured limit since match criteria is met) which would equal the sent rate. For example, if rate limit is set to 10 Kb/s and matching traffic is sent at 100 Kb/s, counters reflect a 100 Kb/s value. If the sent traffic rate is less than the configured limit, counters display only the matched packet count. Either way, only the matched packet count is reflected in the counters, irrespective of whether they get dropped or forwarded. ACL counters do not interact with diffserv policies.

Use the access list name to display detailed information of a specific MAC ACL.

Note:

The command output varies based on the match criteria configured within the rules of an ACL.

The command displays downloadable MAC ACLs. When access-list is configured as downloadable ACL, the show mac access-lists command displays an additional tag (#d) next to the original ACL name. The downloadable MAC ACLs are shown only in the show mac access-lists command, and is not displayed in the show running-config command. For example, if the ACL is created with the name dynacl, this command displays the ACL name as dynacl#d.

The output of the show mac access-lists command is enhanced to display up to 255 length character ACL names.

Format show mac access-lists [name]
Mode Privileged EXEC
Term Definition
ACL Name The user-configured name of the ACL.
ACL Counters Identifies whether the ACL counters are enabled or disabled.
Interface(s) The inbound or outbound interfaces to which the ACL is applied.
Sequence Number The ordered rule number identifier defined within the MAC ACL.
Action The action associated with each rule. The possible values are Permit or Deny.
Source MAC Address The source MAC address for this rule.
Source MAC Mask The source MAC mask for this rule.
Committed Rate The committed rate defined by the rate-limit attribute.
Committed Burst Size The committed burst size defined by the rate-limit attribute.
Destination MAC Address The destination MAC address for this rule.
Ethertype The Ethertype keyword or custom value for this rule.
VLAN ID The VLAN identifier value or range for this rule.
COS The COS (802.1p) value for this rule.
Log Displays when you enable logging for the rule.
Assign Queue The queue identifier to which packets matching this rule are assigned.
Mirror Interface Depending on the platform, this is the unit/slot/port to which packets matching this rule are copied.
Redirect Interface Depending on the platform, this is the unit/slot/port to which packets matching this rule are forwarded.
sFlow Remote Agent Indicates whether the sFlow sampling action is configured. This action, if configured, copies the packet matching the rule to the remote sFlow agent.
Time Range Name Displays the name of the time-range if the MAC ACL rule has referenced a time range.
Rule Status Status (Active/Inactive) of the MAC ACL rule.
ACL Hit Count The ACL rule hit count of packets matching the configured ACL rule within an ACL.

Example: The following shows example CLI display output for the command.

(Routing) #show mac access-lists mac1

ACL Name: mac1
ACL Counters: Enabled

Outbound Interface(s): control-plane
Sequence Number: 10
Action.............................permit
Source MAC Address................ 00:00:00:00:AA:BB
Source MAC Mask....................FF:FF:FF:FF:00:00
Committed Rate.....................32
Committed Burst Size...............16
ACL hit count .....................0

Sequence Number: 25
Action.............................permit
Source MAC Address................ 00:00:00:00:AA:BB
Source MAC Mask....................FF:FF:FF:FF:00:00
Destination MAC Address........... 01:80:C2:00:00:00
Destination MAC Mask...............00:00:00:FF:FF:FF
Ethertype..........................ipv6
VLAN...............................36
CoS Value..........................7
Assign Queue.......................4
Redirect Interface.................0/34
sflow-remote-agent.................TRUE
Committed Rate.....................32
Committed Burst Size...............16
ACL hit count .....................0

Example: The following example shows sample output of 255 length character ACL name.

(dhcp-10-52-142-182)#show mac access-lists

ACL Counters: Enabled
Current number of all ACLs: 20  Maximum number of all ACLs: 100

MAC ACL Name                     Rules  Direction  Interface(s)      VLAN(s)
-------------------------------  -----  ---------  ----------------  ----------
y-12345678912345678912345678912
3456789123456789123456789123456
7891234567891234567891234567891
2345678912345678912345678912345
6789123456789123456789123456789
1234567891234567891234567891234
5678912345678912345678912345678
9123456789123456789123456789123
4567891                          0
Parent topic: MAC Access Control List Commands

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo