Permitted packets are counted only when hardware counters are enabled using the hardware-count argument.
Denied packets are counted whether hardware counters are enabled or not.
To enter the dynamic template configuration mode, run dynamic-template command in the Global
Configuration mode(applicable only for BNG).
Under the dynamic template configuration mode, only the egress and ingress keywords are displayed.Note
For packet filtering applications using the ipv4/ipv6 access-group command, packet counters are maintained
in hardware for each direction. If an access group is used on multiple interfaces in the same direction, then
packets are counted for each interface that has the hardware-count argument enabled.
Note
If the access list permits the addresses, the software continues to process the packet. If the access list denies
the address, the software discards the packet and returns an Internet Control Message Protocol (ICMP) host
unreachable message.
If the specified access list does not exist, all packets are passed.
By default, the unique or per-interface ACL statistics are disabled.
Task ID
OperationTask ID
read, writeacl
read, writenetwork
read, writeconfig-services
Examples
This is an example of the show access-lists command:
RP/0/RSP0/CPU0:router# show access-lists
ipv4 access-list acl-common
10 permit ipv4 host 205.205.205.1 host 200.175.175.1 log-input
15 deny ipv4 any host 200.175.175.1
20 permit ipv4 host 205.205.205.1 host 201.175.175.1 log-input
25 deny ipv4 any host 201.175.175.1
30 permit ipv4 host 205.205.205.1 host 202.175.175.1 log-input
35 deny ipv4 any host 202.175.175.1
ipv4 access-list acl-unique1
10 permit ipv4 host 205.205.205.1 host 203.175.175.1 log-input
15 deny ipv4 any host 203.175.175.1
20 permit ipv4 any any
Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference, Release
5.2.x
67
ACL and ABF Commands
ipv4 access-group (BNG)
To Next Page
Loading...
Need help?
General
