IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
HP Switch# show statistics aclv6 IPV6-ACL vlan 20 vlan
HitCounts for ACL IPV6-ACL
Total
(
12)
10 permit icmp ::/0 fe80::20:2/128 128
(
6)
20 deny tcp ::/0 fe80::20:2/128 eq 23 log
(
41)
30 permit ipv6 ::/0 ::/0
HP Switch# show statistics aclv4 102 vlan 20 vlan
HitCounts for ACL 102
Total
(
4)
10 permit icmp 10.10.20.3 0.0.0.0 10.10.20.2 0.0.0.0 8
(
8)
20 deny icmp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 8
(
2)
30 permit tcp 10.10.20.3 0.0.0.255 10.10.20.2 0.0.0.255 eq 23
(
2)
55 deny tcp 0.0.0.0 255.255.255.255 10.10.20.2 0.0.0.0 8
(
125)
60 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Figure 10-46. Example of IPv6 and IPv4 ACL Statistics
10-118
Syntax: < show | clear > statistics
aclv4 < acl-name-str > port < port-# >
aclv4 < acl-name-str > vlan < vid > < in | out | vlan >
aclv6 < acl-name-str > port < port-# >
aclv6 < acl-name-str > vlan < vid > < in | out | vlan >
Displays the current match (hit) count per ACE for the speci-
fied IPv6 or IPv4 static ACL assignment on a specific interface.
show: Displays the current match (hit) count per ACE for the
specified IPv6 or IPv4 static ACL assignment on a specific
interface.
clear: Resets ACE hit counters to zero for the specified IPv6 or
IPv4 static ACL assignment on a specific interface.
Total: This column lists the running total of the matches the
switch has detected for the ACEs in an applied ACL since the
ACL's counters were last reset to 0 (zero)
For example, figure 10-46 illustrates both IPv6 and IPv4 ACL
activity: