Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Monitoring Secure CLACL Configurations

    Purpose

    Display information about only secure CLACL configurations. This command and the output are visible only to authorized users—the mirror-enable command must be enabled before using this command. Use the brief or detail keywords with the show secure classifier-list command to display different levels of information.

    Action

    To display a list of secure CLACLs

    host1#show secure classifier-list
    
                             Classifier Control List Table
                             ---------- ------- ---- -----
    Secure IP secClassA.1 ip any any
    Secure IP secClassB.1 ip any not 10.10.10.1 255.255.255.255
    Secure IP secClass25.1 user-packet-class 8 source-route-class 100 ip
    192.168.44.103 255.255.255.255 any 

    Displays details of each secure CLACL

    host1#show secure classifier-list secClass25 detailed
    
                             Classifier Control List Table
                             ---------- ------- ---- -----
    Secure IP Classifier Control List secClass25
       Reference count:      0
       Entry count:          1
       Classifier-List secClass25 Entry 1
          User Packet Class:          8
          Source Route Class:         100
          Protocol:                   ip
          Not Protocol:               false
          Source IP Address:          192.168.44.103
          Source IP WildcardMask:     255.255.255.255
          Not Source Ip Address:      false
          Destination IP Address:     0.0.0.0
          Destination IP WildcardMask:255.255.255.255
          Not Destination Ip Address: false 

    Meaning

    Table 1 lists show secure classifier-list command output fields.

    Table 1: show secure classifier-list Output Fields

    Field Name

    Field Description

    Reference count

    Number of times the CLACL is referenced by policies

    Entry count

    Number of entries in the classifier list

    Classifier-List

    Name of the classifier list

    Entry

    Entry number of the classifier list rule

    Color

    Packet color to match: green, yellow, or red

    Protocol

    Protocol type

    Not Protocol

    If true, matches any protocol except the preceding protocol; if false, matches the preceding protocol

    Source IP Address

    Address of the network or host from which the packet is sent

    Source IP WildcardMask

    Mask that indicates addresses to be matched when specific bits are set

    Not Source Ip Address

    If true, matches any source IP address and mask except the preceding source IP address and mask; if false, matches the preceding source IP address and mask

    Destination IP Address

    Number of the network or host from which the packet is sent

    Destination IP WildcardMask

    Mask that indicates addresses to be matched when specific bits are set

    Not Destination Ip Address

    If true, matches any destination IP address and mask except the preceding destination IP address and mask; if false, matches the preceding destination IP address and mask

    Traffic Class

    Name of the traffic class to match

    User Packet Class

    User packet value to match

    DS Field

    DS field value to match

    TOS Byte

    ToS value to match

    Precedence

    Precedence value to match

    User Priority bits

    User priority bits value to match

    Traffic Class Field

    Traffic class field value to match

    EXP Bits

    MPLS EXP bit value to match

    EXP Mask

    Mask applied to EXP bits before matching

    DE Bit

    Frame Relay DE bit value to match5.2.0b1 ID-1381

    Destination Route Class

    Route class used to classify packets based on the packet’s destination address

    Source Route Class

    Route class used to classify packets based on the packet’s source address

    Local

    If true, matches packets destined to a local interface; if false, matches packets that are traversing the router

    Published: 2014-08-14