Viewing the content of all ACLs on the switch
Lists the configuration details for every IPv4 and IPv6 ACL in the running-config file, regardless of whether any are actually assigned to filter traffic on specific interfaces.
Syntax:
show access-list config
Lists the configured syntax for all IPv4 and IPv6 ACLs currently configured on the switch.
You can use the output from this command for input to an offline text file in which you can edit, add, or delete ACL commands. See Creating or editing ACLs offline.
This information also appears in the
show running
output. If you execute
write memory
after configuring an ACL, it appears in the
show config
output.
For example, with two ACLs configured in the switch, you will see results similar to the following output:
An ACL configured syntax listing
Switch(config)# show access-list config ip access-list extended "101" 10 permit tcp 10.30.133.27 0.0.0.0 0.0.0.0 255.255.255.255 20 permit tcp 10.30.155.101 0.0.0.0 0.0.0.0 255.255.255.255 30 deny ip 10.30.133.1 0.0.0.0 0.0.0.0 255.255.255.255 log 40 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255 exit ipv6 access-list "Accounting" 10 permit tcp 2001:db8:0:1af::10:14/128 ::/0 eq 23 20 permit tcp 2001:db8:0:1af::10:23/128 ::/0 eq 23 30 deny tcp 2001:db8:0:1af::10/116 ::/0 log 40 permit ipv6 2001:db8:0:1af::10/116 ::/0 50 deny ipv6 ::/0 ::/0 log exit
The following example shows the ACLs on a switch configured with two IPv6 ACLs named “Accounting” and “List-01-Inbound”, and one extended IPv4 ACL named “101”:
An ACL configured syntax listing
Switch(config)# show access-list config ip access-list extended "101" 10 permit tcp 10.30.133.27 0.0.0.0 0.0.0.0 255.255.255.255 20 permit tcp 10.30.155.101 0.0.0.0 0.0.0.0 255.255.255.255 30 deny ip 10.30.133.1 0.0.0.0 0.0.0.0 255.255.255.255 log 40 deny ip 10.30.155.1 0.0.0.255 0.0.0.0 255.255.255.255 exit ipv6 access-list "Accounting" 10 permit tcp 2001:db8:0:1af::10:14/128 ::/0 eq 23 20 permit tcp 2001:db8:0:1af::10:23/128 ::/0 eq 23 30 deny tcp 2001:db8:0:1af::10/116 ::/0 log 40 permit ipv6 2001:db8:0:1af::10/116 ::/0 50 deny ipv6 ::/0 ::/0 log exit ipv6 access-list "List-01-Inbound" 10 permit icmp fe80::10:60/128 ::/0 dscp 38 20 permit icmp fe80::10:77/128 ::/0 dscp 38 30 permit icmp fe80::10:83/128 ::/0 dscp 38 40 deny icmp ::/0 ::/0 dscp 38 50 permit ipv6 fe80::10/112 ::/0 60 deny ipv6 fe80::/64 ::/0 exit