2-979
Catalyst 6500 Series Switch Command Reference—Release7.6
78-15328-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands show security acl log
show security acl logTo display VACL log information, use the show security acl log command.
show security acl log config
show security acl log flow protocol {src_ip_spec | dest_ip_spec} [vlan vlan_num]
show security acl log flow {ip} {src_ip_spec | dest_ip_spec} [vlan vlan_num]
show security acl log flow {icmp | 1} {src_ip_spec | dest_ip_spec} [icmp_type [icmp_code]]
[vlanvlan_num]
show security acl log flow {tcp | 6} {{src_ip_spec [operator port [port]]} | {dest_ip_spec [operator
port [port]]}} [vlan vlan_num]
show security acl log flow {udp | 17} src_ip_spec [operator port [port]] dest_ip_spec [operator
port [port]] [vlan vlan_num]
show security acl log flow arp [host IP_Address [vlan vlan_num]]
Syntax Description config Displays the VACL log c onfigu ration infor mation including the maximum
number of the flow pattern and redirect rate.
flow Displays the flow information specified by the arguments since its last
syslog report.
protocol Keyword or number of an IP protocol; valid numbers are from 0 to 255
representing an IP protocol number. See the “Usage Guidelines” section
for the list of valid keywords.
src_ip_spec Source IP address and the source mask. See the “Usage Guidelines”
section for the format.
dest_ip_spec Destination IP address and the destination mask. See the “Usage
Guidelines” section for the format.
vlan vlan_num (Optional) Number of the VLAN to be displayed; valid values are from
1 to 1005 and from 1025 to 4094.
ip Matches any IP packets.
icmp | 1Matches ICMP packets.
icmp_type (Optional) ICMP message type name or a number; valid values are from 0
to 255. See the “Usage Guidelines” section for a list of valid names.
icmp_code (Optional) ICMP message code name or a number; valid values are from
0 to 255. See the “Usage Guidelines” section for a list of valid names.
tcp | 6Matches TCP packets.
operator (Optional) Operands; valid values include lt (less than), gt (greater than),
eq (equal), neq (not equal), and range (inclusive range).
port (Optional) Number or name of a TCP or UDP port; valid port numbers are
from 0 to 65535. See the “Usage Guidelines” section for a list of valid
names.
udp | 17 Matches UDP packets.