ACL Troubleshooting; Command for Monitor and Debug - Edge-Core ES4624-SFP Manual

L3 gigabit ethernet switch

interface name:Ethernet1/10
the ingress acl use in firewall is 110.
22.4 ACL Troubleshooting
Entries in an ACL are checked in top-down order, and checking ends as soon as an entry is matched.
The default rule is used only if no ACL is bound to the specific direction of the port, or if no ACL entry is matched.
Applies to IP packets incoming on all ports, and has no effect on other types of packets.
A port can be bound to only one incoming ACL.
The number of ACLs that can be successfully bound depends on the content of the bound ACLs and on the hardware resource limit. Users are prompted if an ACL cannot be bound because of a hardware resource limitation.
If an access-list contains entries with the same filtering information but conflicting actions, binding it to the port fails with an error message. For instance, configuring "permit tcp any any-destination" and "deny tcp any any-destination" at the same time is not permitted.
Viruses such as "worm.blaster" can be blocked by configuring an ACL to block specific ICMP packets or packets on specific TCP or UDP ports.
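
As an added illustration (not part of the Edge-Core manual and not the switch's own logic), the following Python models the top-down first-match evaluation, the default-rule fallback and the conflicting-entry condition described above, so an ACL can be checked before it is bound. The simplified "<action> <filter>" parsing, the `matches` predicate and the sample ACL 120 are assumptions made for the example.

```python
# Added example: models the matching rules of section 22.4.
# Assumption: an entry is "<permit|deny> <filter text>"; real entries carry
# more fields, and filters are compared here as plain text.

def parse_acl(lines):
    """Return [(action, filter)] from 'access-list <num> <action> ...' lines."""
    entries = []
    for raw in lines:
        parts = raw.split()
        if parts[:1] == ["access-list"]:
            parts = parts[2:]          # drop 'access-list <num>'
        if not parts or parts[0] not in ("permit", "deny"):
            continue                   # skip headers like '...(used 1 time(s))'
        entries.append((parts[0], " ".join(parts[1:])))
    return entries

def find_conflicts(entries):
    """Same filtering information, different action: binding would fail."""
    first_seen, conflicts = {}, []
    for idx, (action, flt) in enumerate(entries):
        if flt in first_seen and first_seen[flt][1] != action:
            conflicts.append((first_seen[flt][0], idx, flt))
        first_seen.setdefault(flt, (idx, action))
    return conflicts

def evaluate(entries, matches, default_action):
    """Top-down, first match ends the check; default rule if nothing matches.
    `matches(filter_text)` is a caller-supplied predicate (hypothetical)."""
    for action, flt in entries:
        if matches(flt):
            return action
    return default_action

SAMPLE = [  # constructed input, not output captured from a switch
    "access-list 120(used 1 time(s))",
    "access-list 120 permit tcp any any-destination",
    "access-list 120 deny tcp any any-destination",
    "access-list 120 deny icmp any any-destination",
]

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for first, second, flt in find_conflicts(acl):
        print(f"entries {first} and {second} conflict on '{flt}'")
    # A UDP packet matches no entry, so the default rule decides.
    print(evaluate(acl, lambda f: f.startswith("udp"), "permit"))
```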

22.4.1 Command for Monitor And Debug

22.4.1.1 show access-lists
Command: show access-lists [<num>|<acl-name>]
Function: Displays the configured ACLs.
Parameters: <acl-name>, the name string of a specific ACL; <num>, the number of a specific ACL.
Default: None
Command Mode: Admin mode
Usage Guide: When no ACL name is specified, all ACLs are displayed. "used x time(s)" indicates the number of times the ACL is used.
Examples:
Switch#show access-lists
access-list 10(used 0 time(s))
access-list 10 deny any
access-list 100(used 1 time(s))

This manual is also suitable for: ES4626-SFP
