2-980
Catalyst 6500 Series Switch Command Reference—Release7.6
78-15328-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands
show security acl log
Defaults This command has no default settings.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines This command is supported on systems configured with Supervisor Engine 2 with Layer 3 Switching
Engine II (PFC2) only.
Configurations you make by entering this command are saved to NVRAM and hardware only after you
enter the commit command. Enter ACEs in batches and then enter the commit command to save them
in NVRAM and in the hardware.
When you specify the source IP address and the source mask, use the form
source_ip_addresssource_mask and follow these guidelines:
The source_mask is required; 0 indicates a care bit, 1 indicates a don’t-care bit.
Use a 32-bit quantity in four-part dotted-decimal format.
Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0
255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0.
Valid protocol keywords include icmp (1), ip, ipinip (4), tcp (6), udp (17), igrp (9), eigrp (88),
gre (47), nos (94), ospf (89), ahp (51), esp (50), pcp (108), and pim (103). The IP number is displayed
in parentheses. Use the keyword ip to match any Internet Protocol.
ICMP packets that are matched by ICMP message type can also be matched by the ICMP message code.
Valid names for icmp_type and icmp_code are administratively-prohibited, alternate-address,
conversion-error, dod-host-prohibited, dod-net-prohibited, echo, echo-reply,
general-parameter-problem, host-isolated, host-precedence-unreac ha ble , ho st-r ed irect ,
host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, informa tion-r eply,
information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect,
net-tos-unreachable, net-unreachable, network-unknown, no-room-for-option, o pti on-mi ssing ,
packet-too-big, parameter-problem, port-unreachable, precedence-unr eachab le, prot ocol- unreac habl e,
arp Displays all logged ARP packets.
host IP_Address (Optional) Specifies the IP address of an IP host.