5.11.2.3 Monitor-Security-Network-ACL Status

The ACL Status page shows the ACL status for each ACL user. Each row describes one defined ACE. An ACE is in conflict if it is not applied to the hardware due to hardware limitations. The maximum number of ACEs is 128 on each switch.

Figure 5-41. ACL Status

The ACL Status page has the following parameters:

  • User: Indicates the ACL user
  • ACE: Indicates the ACE ID on the local switch
  • Frame Type: Indicates the frame type of the ACE. Possible values are:
    • Any: ACE matches any frame type
    • EType: ACE matches Ethernet Type frames
      Note: An Ethernet Type based ACE does not get matched by IP and ARP frames.
    • ARP: ACE matches ARP/RARP frames
    • IPv4: ACE matches all IPv4 frames
    • IPv4/ICMP: ACE matches IPv4 frames with ICMP protocol
    • IPv4/UDP: ACE matches IPv4 frames with UDP protocol
    • IPv4/TCP: ACE matches IPv4 frames with TCP protocol
    • IPv4/Other: ACE matches IPv4 frames that are not ICMP/UDP/TCP
    • IPv6: ACE matches all IPv6 standard frames
  • Action: Indicates the forwarding action of the ACE
    • Permit: Frames matching ACE may be forwarded and learned
    • Deny: Frames matching ACE are dropped
    • Filter: Frames matching ACE are filtered
  • Rate Limiter: Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.
  • CPU: Forwards packets that match the specific ACE to the CPU
  • Counter: Indicates the number of times the ACE was hit by a frame
  • Conflict: Indicates the hardware status of the specific ACE. When a conflict is shown, the ACE is not applied to the hardware due to hardware limitations.
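
The following is an added example, not part of the original manual or the switch firmware: an audit of ACL Status rows that flags ACEs in conflict (configured but not applied to hardware), rate limiter values outside 1 to 16, and tables over the 128-ACE limit. The CSV column layout, the user name "static", the Yes/No spelling of the Conflict value and the severity labels are assumptions, since the page does not describe an export format.

```python
import csv
import io

MAX_ACES = 128                    # per-switch ACE limit stated on this page
FRAME_TYPES = {"Any", "EType", "ARP", "IPv4", "IPv4/ICMP", "IPv4/UDP",
               "IPv4/TCP", "IPv4/Other", "IPv6"}
ACTIONS = {"Permit", "Deny", "Filter"}

# Constructed sample rows, transcribed into CSV. The column layout, the user
# name "static" and the Yes/No spelling of Conflict are assumptions.
SAMPLE = """\
User,ACE,Frame Type,Action,Rate Limiter,CPU,Counter,Conflict
static,1,IPv4/TCP,Deny,Disabled,No,0,Yes
static,2,ARP,Permit,3,No,5120,No
static,3,EType,Deny,Disabled,No,0,No
static,4,IPv4/UDP,Permit,17,No,88,Yes
"""


def rate_limiter_ok(value):
    """True for 'Disabled' or an integer in the allowed range 1 to 16."""
    return value == "Disabled" or (value.isdigit() and 1 <= int(value) <= 16)


def audit(text):
    """Return (ace_id, severity, message) tuples for rows needing attention."""
    rows = list(csv.DictReader(io.StringIO(text)))
    findings = []
    if len(rows) > MAX_ACES:
        findings.append(("*", "high", f"{len(rows)} ACEs exceed the limit of {MAX_ACES}"))
    for row in rows:
        ace, action = row["ACE"].strip(), row["Action"].strip()
        if row["Frame Type"].strip() not in FRAME_TYPES or action not in ACTIONS:
            findings.append((ace, "low", "unrecognised frame type or action"))
        if not rate_limiter_ok(row["Rate Limiter"].strip()):
            findings.append((ace, "low", "rate limiter outside 1 to 16"))
        if row["Conflict"].strip().lower() == "yes":
            # Not applied to hardware: configured, but frames never hit it.
            sev = "high" if action in ("Deny", "Filter") else "medium"
            findings.append((ace, sev, f"{action} ACE in conflict, not applied to hardware"))
    return findings


if __name__ == "__main__":
    for ace, sev, msg in audit(SAMPLE):
        print(f"ACE {ace}: [{sev}] {msg}")
```

A Deny or Filter ACE in conflict is rated highest here because the frames it was meant to stop are not being matched by that rule in hardware.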