Enhancements
Release M.10.02 Enhancements
Displaying the Current
These commands output data indicating the current ACL activity imposed
Syntax: show
For the specified ports, this command lists the explicit ACEs, switch port, and client MAC address for the ACL dynamically assigned by a RADIUS server as a response to client authentication. If cnt (counter) is included in an ACE, then the output includes the current number of inbound packet matches the switch has detected in the current session for that ACE.
Note: If there are no ACLs currently assigned to any port in <
Port <
If a client authenticates but the server does not return a
For example, the following output shows that a RADIUS server has assigned an ACL to port 10 to filter inbound traffic from an authenticated client identified by a MAC address of
ProCurve# show
deny in tcp from any to 10.15.240.184 23 cnt
    Packet Hit Counter : 0
deny in tcp from any to 10.15.240.184 80 cnt
    Packet Hit Counter : 0
permit in tcp from any to 10.15.240.184 7
permit in udp from any to 10.15.240.184 7
deny in tcp from any to 10.15.240.184 161 cnt
    Packet Hit Counter : 0
deny in udp from any to 10.15.240.184 161 cnt
    Packet Hit Counter : 0
permit in ip from any to any
Indicates MAC address identity of the authenticated client on the specified port. This data identifies the client to which the ACL applies.
Lists “deny” ACE for Inbound Telnet (23 = TCP port number) traffic, with counter configured to show the number of matches detected.
Lists current counter for the preceding “Deny” ACE.
Lists “permit” ACE for inbound TCP and UDP traffic, with no counters configured.
Note that the implicit “deny any/any” included automatically at the end of every ACL is not visible in ACL listings generated by the switch.
Figure 9. Example Showing a
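The following Python is an added example, not part of the original release notes or of the switch software. It parses the ACE and "Packet Hit Counter" lines in the form shown in Figure 9, reports deny ACEs that have matched traffic in the current session, and checks whether a final "permit in ip from any to any" pre-empts the implicit deny. The function names and the hit counts in the sample are assumptions; the port and client MAC header lines are not parsed because their format is not shown on this page.

```python
import re
from dataclasses import astuple, dataclass
from typing import List, Optional

# ACE line shape as listed on this page: deny in tcp from any to 10.15.240.184 23 cnt
ACE_RE = re.compile(
    r"^(?P<action>permit|deny)\s+in\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)"
    r"\s+to\s+(?P<dst>\S+)(?:\s+(?P<port>\d+))?(?P<cnt>\s+cnt)?\s*$")
HIT_RE = re.compile(r"^Packet Hit Counter\s*:\s*(?P<hits>\d+)\s*$")

@dataclass
class Ace:
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[int]
    counted: bool                # ACE carries the cnt keyword
    hits: Optional[int] = None   # None: no counter configured or none reported

def parse_aces(text: str) -> List[Ace]:
    aces: List[Ace] = []
    for line in map(str.strip, text.splitlines()):
        m, h = ACE_RE.match(line), HIT_RE.match(line)
        if m:
            port = int(m["port"]) if m["port"] else None
            aces.append(Ace(m["action"], m["proto"], m["src"], m["dst"], port, bool(m["cnt"])))
        elif h and aces and aces[-1].counted and aces[-1].hits is None:
            aces[-1].hits = int(h["hits"])   # counter belongs to the preceding ACE
    return aces

def denied_hits(aces: List[Ace]) -> List[Ace]:
    """Deny ACEs that matched at least one inbound packet in this session."""
    return [a for a in aces if a.action == "deny" and a.hits]

def ends_with_permit_any(aces: List[Ace]) -> bool:
    """True when the last explicit ACE pre-empts the implicit deny any/any."""
    return bool(aces) and astuple(aces[-1])[:4] == ("permit", "ip", "any", "any")

# Constructed sample: ACEs taken from the page, hit counts invented for illustration.
SAMPLE = """\
deny in tcp from any to 10.15.240.184 23 cnt
    Packet Hit Counter : 4
deny in tcp from any to 10.15.240.184 80 cnt
    Packet Hit Counter : 0
permit in tcp from any to 10.15.240.184 7
deny in udp from any to 10.15.240.184 161 cnt
    Packet Hit Counter : 12
permit in ip from any to any
"""
```

A nonzero counter on a deny ACE shows the authenticated client attempted traffic the assigned ACL blocks; when the ACL ends with "permit in ip from any to any", everything not explicitly denied is forwarded and the implicit deny never applies.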