Viewing the content of all ACLs on the switch

Lists the configuration details for every IPv4 and IPv6 ACL in the running-config file, regardless of whether any are actually assigned to filter traffic on specific interfaces.

Syntax:

show access-list config

Lists the configured syntax for all IPv4 and IPv6 ACLs currently configured on the switch.

NOTE:

You can use the output from this command for input to an offline text file in which you can edit, add, or delete ACL commands. See Creating or editing ACLs offline.

This information also appears in the show running output. If you execute write memory after configuring an ACL, it appears in the show config output.

For example, with two ACLs configured in the switch, you will see results similar to the following output:

An ACL configured syntax listing

Switch(config)# show access-list config

ip access-list extended "101"
     10 permit tcp 10.30.133.27 0.0.0.0 0.0.0.0 255.255.255.255
     20 permit tcp 10.30.155.101 0.0.0.0 0.0.0.0 255.255.255.255
     30 deny ip 10.30.133.1 0.0.0.0 0.0.0.0 255.255.255.255 log
     40 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255
   exit
ipv6 access-list "Accounting"
     10 permit tcp 2001:db8:0:1af::10:14/128 ::/0 eq 23
     20 permit tcp 2001:db8:0:1af::10:23/128 ::/0 eq 23
     30 deny tcp 2001:db8:0:1af::10/116 ::/0 log
     40 permit ipv6 2001:db8:0:1af::10/116 ::/0
     50 deny ipv6 ::/0 ::/0 log
   exit

The following example shows the ACLs on a switch configured with two IPv6 ACLs named “Accounting” and “List-01-Inbound”, and one extended IPv4 ACL named “101”:

An ACL configured syntax listing

Switch(config)# show access-list config

ip access-list extended "101"
     10 permit tcp 10.30.133.27 0.0.0.0 0.0.0.0 255.255.255.255
     20 permit tcp 10.30.155.101 0.0.0.0 0.0.0.0 255.255.255.255
     30 deny ip 10.30.133.1 0.0.0.0 0.0.0.0 255.255.255.255 log
     40 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255
   exit
ipv6 access-list "Accounting"
     10 permit tcp 2001:db8:0:1af::10:14/128 ::/0 eq 23
     20 permit tcp 2001:db8:0:1af::10:23/128 ::/0 eq 23
     30 deny tcp 2001:db8:0:1af::10/116 ::/0 log
     40 permit ipv6 2001:db8:0:1af::10/116 ::/0
     50 deny ipv6 ::/0 ::/0 log
   exit
ipv6 access-list "List-01-Inbound"
     10 permit icmp fe80::10:60/128 ::/0 dscp 38
     20 permit icmp fe80::10:77/128 ::/0 dscp 38
     30 permit icmp fe80::10:83/128 ::/0 dscp 38
     40 deny icmp ::/0 ::/0 dscp 38
     50 permit ipv6 fe80::10/112 ::/0
     60 deny ipv6 fe80::/64 ::/0
   exit