ACL
nv show acl
Shows the configured ACL rules on the switch.
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl
type Summary
-------- ---- --------
EXAMPLE1 ipv4 rule: 10
nv show acl <acl-id>
Shows the specified ACL configuration.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1
operational applied
---- ----------- -------
type ipv4
rule
=======
nv show acl <acl-id> rule
Shows the rules for the specified ACL.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule
Number Summary
------ --------------------------------
10 match.ip.dest-ip: 10.0.15.8/32
match.ip.dest-port: ANY
match.ip.protocol: tcp
match.ip.source-ip: 10.0.14.2/32
match.ip.source-port: ANY
nv show acl <acl-id> rule <rule-id>
Shows configuration information about the ACL with the specified rule number.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10
operational applied
----------------- ------------ ------------
match
ip
dest-ip 10.0.15.8/32 10.0.15.8/32
protocol tcp tcp
source-ip 10.0.14.2/32 10.0.14.2/32
[dest-port] ANY ANY
[source-port] ANY ANY
nv show acl <acl-id> rule <rule-id> action
Shows the action for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action
operational applied
----------- -------
permit
nv show acl <acl-id> rule <rule-id> action deny
Shows the deny action for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action deny
nv show acl <acl-id> rule <rule-id> action erspan
Shows the ERSPAN session for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action erspan
operational applied pending
--- ----------- ------- -------
ttl 200
nv show acl <acl-id> rule <rule-id> action log
Shows logs for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action log
nv show acl <acl-id> rule <rule-id> action permit
Shows the permit action for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action permit
nv show acl <acl-id> rule <rule-id> action police
Shows policing of matched packets and bytes for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The ACL rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action police
nv show acl <acl-id> rule <rule-id> action set
Shows the set action for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 action set
nv show acl <acl-id> rule <rule-id> match
Shows the ACL match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match
nv show acl <acl-id> rule <rule-id> match ip
Shows the IPv4 or IPv6 match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip
operational applied
----------- ----------- -------
protocol tcp
[dest-port] 200
nv show acl <acl-id> rule <rule-id> match ip dest-port
Shows destination port match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip dest-port
Ports
-----
ANY
nv show acl <acl-id> rule <rule-id> match ip dest-port <ip-port-id>
Shows destination port match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
<ip-port-id> | The IP port number or protocol. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip dest-port http
nv show acl <acl-id> rule <rule-id> match ip ecn
Shows ECN match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.2.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip ecn
nv show acl <acl-id> rule <rule-id> match ip ecn flags
Shows the ECN protocol flag match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.2.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip ecn flags
operational applied
----------- -------
tcp-cwr
tcp-ece
tcp-cwr
tcp-ece
nv show acl <acl-id> rule <rule-id> match ip fragment
Shows ip fragment packet match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip fragment
nv show acl <acl-id> rule <rule-id> match ip source-port
Shows the source port match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip source-port ANY
nv show acl <acl-id> rule <rule-id> match ip source-port <ip-port-id>
Shows the match criteria for a specific port for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
<ip-port-id> | The IP port number or protocol. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip source-port ANY
nv show acl <acl-id> rule <rule-id> match ip tcp
Shows TCP match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip tcp
nv show acl <acl-id> rule <rule-id> match ip tcp flags
Shows TCP flag match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip tcp flags
nv show acl <acl-id> rule <rule-id> match ip tcp mask
Shows TCP protocol flag mask match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match ip tcp mask
nv show acl <acl-id> rule <rule-id> match mac
Shows MAC address match criteria for the specified ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show acl EXAMPLE1 rule 10 match mac
nv show interface <interface-id> acl
Shows the ACLs on the specified interface. You use ACLs to match packets and take actions.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl
ACL Name Rule ID In Packets In Bytes Out Packets Out Bytes
-------- ------- ---------- -------- ----------- ---------
EXAMPLE1 10 0 0
nv show interface <interface-id> acl <acl-id>
Shows information about a specific ACL on the specified interface. You use ACLs to match packets and take actions.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1
Statistics
=============
Rule In Packet In Byte Out Packet Out Byte Summary
---- --------- ------- ---------- -------- -----------------------
10 0 0 Bytes match.ip.dest-port: 200
match.ip.protocol: tcp
nv show interface <interface-id> acl <acl-id> inbound
Shows information about the ACL applied for inbound traffic on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 inbound
nv show interface <interface-id> acl <acl-id> inbound control-plane
Shows information about the ACL applied for the control plane on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 inbound control-plane
nv show interface <interface-id> acl <acl-id> outbound
Shows information about the ACL applied for outbound traffic on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 outbound
nv show interface <interface-id> acl <acl-id> outbound control-plane
Shows information about the ACL applied to the control plane for outbound traffic on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 outbound control-plane
nv show interface <interface-id> acl <acl-id> statistics
Shows statistics for a specific ACL on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.2.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 statistics
Rule In Packet In Byte Out Packet Out Byte Summary
---- --------- ------- ---------- -------- -----------------------
10 0 0 Bytes match.ip.dest-port: 200
match.ip.protocol: tcp
nv show interface <interface-id> acl <acl-id> statistics <rule-id>
Shows statistics for a specific ACL rule on the specified interface.
Command Syntax
| Syntax | Description |
|---|---|
<interface-id> | The interface on which the ACL operates. |
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.2.0
Example
cumulus@switch:~$ nv show interface swp1 acl EXAMPLE1 statistics 10
operational applied
--------------- ----------- -------
match
ip
protocol tcp
[dest-port] 200
outbound
byte 0 Bytes
packet 0
nv show system acl
Shows the ACL mode setting; atomic or non-atomic
Version History
Introduced in Cumulus Linux 5.3.0
Example
cumulus@switch:~$ nv show system acl
applied
---- -------
mode atomic
nv show system control-plane
Shows the control plane configuration.
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane
nv show system control-plane acl
Shows the control plane ACLs configured on the switch. You use control plane ACLs to apply a single rule for all packets forwarded to the CPU regardless of the source interface or destination interface on the switch. Control plane ACLs allow you to regulate traffic forwarded to applications on the switch with more granularity than traps and to configure ACLs to block SSH from specific addresses or subnets.
Version History
Introduced in Cumulus Linux 5.5.0
Example
cumulus@switch:~$ nv show system control-plane acl
ACL Name Rule ID In Packets In Bytes Out Packets Out Bytes
--------- ------- ---------- -------- ----------- ---------
acl1 1 0 0 0 0
65535 0 0 0 0
acl2 1 0 0 0 0
65535 0 0 0 0
nv show system control-plane acl <acl-id>
Shows information about the specified control plane ACL.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.5.0
Example
cumulus@switch:~$ nv show system control-plane acl ACL1
nv show system control-plane acl <acl-id> statistics
Shows statistics for the specified control plane ACL.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
Version History
Introduced in Cumulus Linux 5.5.0
Example
cumulus@switch:~$ nv show system control-plane acl ACL1 statistics
Rule In Packet In Byte Out Packet Out Byte Summary
---- --------- ------- ---------- -------- ---------------------------
1 0 0 Bytes 0 0 Bytes match.ip.dest-ip: 9.1.2.3
2 0 0 Bytes 0 0 Bytes match.ip.source-ip: 7.8.2.3
nv show system control-plane acl <acl-id> statistics <rule-id>
Shows statistics for the specified control plane ACL rule.
Command Syntax
| Syntax | Description |
|---|---|
<acl-id> | The ACL name. |
<rule-id> | The rule number. |
Version History
Introduced in Cumulus Linux 5.5.0
Example
cumulus@switch:~$ nv show system control-plane acl ACL1 statistics 10
nv show system control-plane policer
Shows control plane policer configuration.
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane policer
nv show system control-plane policer <policer-id>
Shows configuration information for a specific control plane policer.
Command Syntax
| Syntax | Description |
|---|---|
<policer-id> | The policer ID: arp, bfd, pim-ospf-rip, bgp, clag, icmp-def, dhcp-ptp, igmp, ssh, icmp6-neigh, icmp6-def-mld, lacp, lldp, rpvst, eapol, ip2me, acl-log, nat, stp, l3-local, span-cpu, unknown-ipmc, catch-all. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane policer bfd
nv show system control-plane policer <policer-id> statistics
Shows statistics for a specific control plane policer.
Command Syntax
| Syntax | Description |
|---|---|
<policer-id> | The policer ID: arp, bfd, pim-ospf-rip, bgp, clag, icmp-def, dhcp-ptp, igmp, ssh, icmp6-neigh, icmp6-def-mld, lacp, lldp, rpvst, eapol, ip2me, acl-log, nat, stp, l3-local, span-cpu, unknown-ipmc, catch-all. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane policer bfd statistics
nv show system control-plane trap
Shows the control plane trap configuration.
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane trap
nv show system control-plane trap <trap-id>
Shows specific control plane trap configuration.
Command Syntax
| Syntax | Description |
|---|---|
<trap-id> | The trap ID. |
Version History
Introduced in Cumulus Linux 5.0.0
Example
cumulus@switch:~$ nv show system control-plane trap l3-mtu-err