This command displays summary information of all the IPv6 Access lists. Use the access list name to display detailed information of a specific IPv6 ACL.
This command displays information about the attributes icmp-type, icmp-code, fragments, routing, tcp flags, and source and destination L4 port ranges. It displays committed rate, committed burst size, and ACL rule hit count of packets matching the configured ACL rule within an ACL. This counter value rolls-over on reaching the maximum value. There is a dedicated counter for each ACL rule. ACL counters do not interact with PBR counters.
For ACL with multiple rules, once a match occurs at any one specific rule, counters associated with this rule only get incremented (for example, consider an ACL with three rules, after matching rule two, counters for rule three would not be incremented).
For ACL counters, If an ACL rule is configured without RATE-LIMIT, the counter value is a count of the forwarded/discarded packets. (For example: for a burst of 100 packets, the Counter value is 100).
If an ACL rule is configured with RATE LIMIT, the counter value is that of the MATCHED packet count. If the sent traffic rate exceeds the configured limit, the counters still display matched packet count (despite getting dropped beyond the configured limit since match criteria is met) that equals the sent rate. For example, if the rate limit is set to 10 kilobits per second Kb/s) and matching traffic is sent at 100 Kb/s, counters would reflect 100 Kb/s value. If the sent traffic rate is less than the configured limit, the counters display only the matched packet count. Either way, only the matched packet count is reflected in the counters, irrespective of whether they get dropped or forwarded. ACL counters do not interact with DiffServ policies.
The command displays downloadable IPv6 ACLs. When access-list is configured as downloadable ACL, the show ipv6 access-lists command displays an additional tag (#d) next to the original ACL name. The downloadable IPv6 ACLs are shown only in the show ipv6 access-lists command, and is not displayed in the show running-config command. For example, if the ACL is created with the name dynacl, this command displays the ACL name as dynacl#d.
The output of the show ipv6 access-lists command is enhanced to display up to 255 length character ACL names.
| Format | show ipv6 access-lists [name] |
| Mode | Privileged EXEC |
| Term | Definition |
|---|---|
| ACL Counters | Shows whether ACL counters are enabled or disabled. |
| Current number of all ACLs | The number of ACLs of any type currently configured on the system. |
| Maximum number of all ACLs | The number of ACLs of any type that can be configured on the system. |
| IPv6 ACL Name | The configured ACL name. |
| Rules | The number of rules configured for the ACL. |
| Direction | Shows whether the ACL is applied to traffic coming into the interface (inbound/ingress) or leaving the interface (outbound/egress). |
| Interface(s) | Identifies the interface(s) to which the ACL is applied (ACL interface bindings). |
| VLAN(s) | Identifies the VLANs to which the ACL is applied (ACL VLAN bindings). |
If you specify an IPv6 ACL name, the following information displays:
Only the access list fields that you configure are displayed. Thus, the command output varies based on the match criteria configured within the rules of an ACL.
| Term | Definition |
|---|---|
| ACL Name | The user-configured name of the ACL. |
| ACL Counters | Identifies whether the ACL counters are enabled or disabled. |
| Interface(s) | The inbound and/or outbound interfaces to which the ACL is applied. |
| Sequence Number | The ordered rule number identifier defined within the IPv6 ACL. |
| Action | The action associated with each rule. The possible values are Permit or Deny. |
| Match Every | Indicates whether this access list applies to every packet. Possible values are True or False. |
| Protocol | The protocol to filter for this rule. |
| Committed Rate | The committed rate defined by the rate-limit attribute. |
| Committed Burst Size | The committed burst size defined by the rate-limit attribute. |
| Source IP Address | The source IP address for this rule. |
| Source L4 Port Keyword | The source port for this rule. |
| Destination IP Address | The destination IP address for this rule. |
| Destination L4 Port Keyword | The destination port for this rule. |
| IP DSCP | The value specified for IP DSCP. |
| Flow Label | The value specified for IPv6 Flow Label. |
| Log | Displays when you enable logging for the rule. |
| Assign Queue | The queue identifier to which packets matching this rule are assigned. |
| Mirror Interface | The unit/slot/port to which packets matching this rule are copied. |
| Redirect Interface | The unit/slot/port to which packets matching this rule are forwarded. |
| Time Range Name | Displays the name of the time-range if the IPv6 ACL rule has referenced a time range. |
| Rule Status | Status (Active/Inactive) of the IPv6 ACL rule. |
| sFlow Remote Agent | Indicates whether the sFlow sampling action is configured. This action, if configured, copies the packet matching the rule to the remote sFlow agent. |
| ACL Hit Count | The ACL rule hit count of packets matching the configured ACL rule within an ACL. |
Example: The following shows example CLI display output for the command.
(Routing) #show ipv6 access-lists ip61
ACL Name: ip61
Outbound Interface(s): control-plane
Sequence Number: 1
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
TCP Flags...................................... FIN (Ignore)
SYN (Set)
RST (Ignore)
PSH (Set)
ACK (Ignore)
URG (Ignore)
Log............................................ TRUE
Assign Queue................................... 2
sflow-remote-agent............................. TRUE
ACL hit count ............................0
Example: The following example shows sample output of 255 length character ACL name.
(dhcp-10-52-142-182)#show ipv6 access-lists ACL Counters: Enabled Current number of all ACLs: 19 Maximum number of all ACLs: 100 IPv6 ACL Name Rules Direction Interface(s) VLAN(s) ------------------------------- ----- --------- ---------------- ---------- z-12345678912345678912345678912 3456789123456789123456789123456 7891234567891234567891234567891 2345678912345678912345678912345 6789123456789123456789123456789 1234567891234567891234567891234 5678912345678912345678912345678 9123456789123456789123456789123 4567891 0
