Monitoring Secure CLACL Configurations

Purpose

Display information about only secure CLACL configurations. This command and the output are visible only to authorized users—the mirror-enable command must be enabled before using this command. Use the brief or detail keywords with the show secure classifier-list command to display different levels of information.

Action

To display a list of secure CLACLs

host1#show secure classifier-list
                         Classifier Control List Table
                         ---------- ------- ---- -----
Secure IP secClassA.1 ip any any
Secure IP secClassB.1 ip any not 10.10.10.1 255.255.255.255
Secure IP secClass25.1 user-packet-class 8 source-route-class 100 ip
192.168.44.103 255.255.255.255 any 

Displays details of each secure CLACL

host1#show secure classifier-list secClass25 detailed
                         Classifier Control List Table
                         ---------- ------- ---- -----
Secure IP Classifier Control List secClass25
   Reference count:      0
   Entry count:          1
   Classifier-List secClass25 Entry 1
      User Packet Class:          8
      Source Route Class:         100
      Protocol:                   ip
      Not Protocol:               false
      Source IP Address:          192.168.44.103
      Source IP WildcardMask:     255.255.255.255
      Not Source Ip Address:      false
      Destination IP Address:     0.0.0.0
      Destination IP WildcardMask:255.255.255.255
      Not Destination Ip Address: false 

Meaning

Table 69 lists show secure classifier-list command output fields.

Table 69: show secure classifier-list Output Fields

Field Name

Field Description

Reference count

Number of times the CLACL is referenced by policies

Entry count

Number of entries in the classifier list

Classifier-List

Name of the classifier list

Entry

Entry number of the classifier list rule

Color

Packet color to match: green, yellow, or red

Protocol

Protocol type

Not Protocol

If true, matches any protocol except the preceding protocol; if false, matches the preceding protocol

Source IP Address

Address of the network or host from which the packet is sent

Source IP WildcardMask

Mask that indicates addresses to be matched when specific bits are set

Not Source Ip Address

If true, matches any source IP address and mask except the preceding source IP address and mask; if false, matches the preceding source IP address and mask

Destination IP Address

Number of the network or host from which the packet is sent

Destination IP WildcardMask

Mask that indicates addresses to be matched when specific bits are set

Not Destination Ip Address

If true, matches any destination IP address and mask except the preceding destination IP address and mask; if false, matches the preceding destination IP address and mask

Traffic Class

Name of the traffic class to match

User Packet Class

User packet value to match

DS Field

DS field value to match

TOS Byte

ToS value to match

Precedence

Precedence value to match

User Priority bits

User priority bits value to match

Traffic Class Field

Traffic class field value to match

EXP Bits

MPLS EXP bit value to match

EXP Mask

Mask applied to EXP bits before matching

DE Bit

Frame Relay DE bit value to match5.2.0b1 ID-1381

Destination Route Class

Route class used to classify packets based on the packet’s destination address

Source Route Class

Route class used to classify packets based on the packet’s source address

Local

If true, matches packets destined to a local interface; if false, matches packets that are traversing the router

Related Documentation