IPv4 Access Control Lists (ACLs)
Monitoring Static ACL Performance
Monitoring Static ACL Performance
ACL statistics counters provide a means for monitoring ACL performance by
using counters to display the current number of matches the switch has
detected for each ACE in an ACL assigned to a switch interface. This can help,
for example, to determine whether a particular traffic type is being filtered by
the intended ACE in an assigned list, or if traffic from a particular device or
network is being filtered as intended.
Note This section describes the command for monitoring static ACL performance.
To monitor RADIUS-assigned ACL performance, use either of the following
commands:
show access-list radius < all | port-list >
show port-access < authenticator | mac-based | web-based > clients
< port-list > detailed
Refer to “Displaying the Current RADIUS-Assigned ACL Activity on the
Switch” on page 6-26.
Syntax: show statistics
aclv4 < acl-name-str > port < port-# >
aclv4 < acl-name-str > vlan < vid > < in | out | vlan >
Displays the current match (hit) count per ACE for the speci-
fied IPv4 static ACL assignment on a specific interface:
Total: This column lists the running total of the matches the
switch has detected for the ACEs in an applied ACL since the
ACL’s counters were last reset to 0 (zero)
9-92
