Show access list interface
When developing yet another Tcl script, I stumbled across an interesting show command: show ip access-list interface name, introduced in IOS release 12.4(6)T, displays the contents of the inbound and outbound IP access lists applied to the specified interface. The really nice part is that the ACL statistics (the number of matches displayed next to each ACL line) are kept and displayed per interface, whereas the plain show ip access-list counters are global. For example, this is the printout from one of my test routers:

R2#show ip access-list 101
Extended IP access list 101
    10 permit ip any any (1900 matches)
R2#show ip access-list interface tunnel 0
Extended IP access list ICMP in
    10 deny icmp any host 10.0.1.2 echo
    20 deny icmp any host 10.2.0.2 echo
    30 permit ip any any (2279 matches)
Extended IP access list 101 out
    10 permit ip any any (10 matches)
I want to add new ACL rules to a Cisco router. I have no previous experience with Cisco. Many resources about Cisco ACLs have instructions on applying the ACL rules to an interface. But I need to know which ACL rule is already active on an interface, so that I can add new rules to it. The show interfaces command does not display the ACLs; which command is used to get the ACLs on an interface?

Edit: this page states the show ip access-list interface tunnel 0 command for displaying ACLs on an interface, but it is usable only on IOS 12.4 and newer. What are my options on an IOS 11.1 router?

Solution: The issue is solved, but I don't know how :) I was told that somebody else™ fixed the issue.
I don't believe that there is anything simpler than show interfaces |

Edit: From the comments below, @Santino pointed out a more concise RegEx:

show ip interface | include line protocol|access list

My testing so far indicates that this gives the same results as my longer RegEx below. I usually use the following to find where ACLs are applied:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound

This gives you every interface, no matter the state, then what the Outbound and Inbound ACLs are. For example:

LAB-4510-A#show ip interface | include is up|is administratively|is down|Outgoing|Inbound
Vlan1 is administratively down, line protocol is down
Vlan110 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is VENDOR->INTERNET
Vlan140 is administratively down, line protocol is down
  Outgoing access list is not set
  Inbound access list is not set
Vlan150 is down, line protocol is down
  Outgoing access list is not set
  Inbound access list is VENDOR->INTERNET
Vlan210 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
FastEthernet1 is administratively down, line protocol is down
  Outgoing access list is not set
  Inbound access list is not set
GigabitEthernet1/1 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
GigabitEthernet1/2 is down, line protocol is down
  Inbound access list is not set
  Outgoing access list is not set

And so on for every interface. This command works on both Cisco switches and routers.
See sample output from a 7200 router below:

LAB-7204-A#show ip interface | include is up|is administratively|is down|Outgoing|Inbound
GigabitEthernet0/1 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
FastEthernet0/2 is administratively down, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
GigabitEthernet0/3 is administratively down, line protocol is down
SSLVPN-VIF0 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
Loopback0 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
Loopback1 is up, line protocol is up
  Outgoing access list is not set
  Inbound access list is not set
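The grep above is fine at the CLI, but when auditing many devices the same lines are worth parsing into an interface-to-ACL map so that interfaces that are up with no inbound ACL can be listed directly. The following is an added example in Python, not code from the answer's author; the sample text is constructed from the LAB-4510-A output above (with a couple of unfiltered lines included), and the "up with no inbound ACL" check is an assumed audit rule, not something the answer states.

```python
import re

# Constructed sample modelled on the unfiltered form of the "show ip interface"
# lines that the answer's "include" regex selects.
SAMPLE_SHOW_IP_INTERFACE = """\
Vlan1 is administratively down, line protocol is down
  Internet protocol processing disabled
Vlan110 is up, line protocol is up
  Internet address is 10.1.110.1/24
  Outgoing access list is not set
  Inbound  access list is VENDOR->INTERNET
Vlan150 is down, line protocol is down
  Outgoing access list is not set
  Inbound  access list is VENDOR->INTERNET
GigabitEthernet1/1 is up, line protocol is up
  Outgoing access list is not set
  Inbound  access list is not set
"""

# Interface header lines start in column 0; detail lines are indented.
IFACE_RE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)$")
ACL_RE = re.compile(r"^\s+(Outgoing|Inbound)\s+access list is (.+)$")


def parse_interface_acls(text):
    """Map each interface to its status and inbound/outbound ACL names.

    An ACL value of None means IOS reported it as 'not set'."""
    result = {}
    current = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {"status": m.group(2), "line_protocol": m.group(3),
                               "inbound": None, "outbound": None}
            continue
        m = ACL_RE.match(line)
        if m and current is not None:
            direction = "inbound" if m.group(1) == "Inbound" else "outbound"
            acl = m.group(2).strip()
            result[current][direction] = None if acl == "not set" else acl
    return result


def unfiltered_up_interfaces(parsed):
    """Audit rule (assumed): interfaces that are up but carry no inbound ACL."""
    return sorted(name for name, info in parsed.items()
                  if info["status"] == "up" and info["inbound"] is None)


if __name__ == "__main__":
    acls = parse_interface_acls(SAMPLE_SHOW_IP_INTERFACE)
    print(acls)
    print("up with no inbound ACL:", unfiltered_up_interfaces(acls))
```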