show access-list
Syntax
show access-list [interface <ID>] [{in|out}] [{ip|ipv6|mac}] [<ACL-NAME>] [commands] [configuration] [vsx-peer]
Description
Shows various aspects of ACLs and their current usage.
The content of a specific ACL.
All ACLs of a specific type.
All ACLs applied to a specific port.
All ACLs applied in a particular direction.
Command context
Operator (>) or Manager (#)
Parameters
All parameters are optional.
interface <ID>
Displays ACL information for a specific interface.
in|out
Selects in to limit the display to inbound (ingress) ACLs or out to limit the display to outbound (egress) ACLs.
ip|ipv6|mac
Limits the display to an ACL type: ip for IPv4, ipv6 for IPv6, or mac for MAC ACLs.
<ACL-NAME>
Displays information matching this ACL name.
commands
Specifies output as the CLI commands showing the configured access control entries.
configuration
Displays user-configured ACLs, even if they are not active due to command parameter or hardware issues. This parameter is useful if there is a mismatch between the entered configuration and the previously successfully programmed (active) ACLs.
vsx-peer
Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.
Authority
Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.
Examples
Displaying IPv4 ACL information:
switch# show access-list ip
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
------------------------------------------------------------------------------
IPv4       MY_ACL
        10 permit                          udp
           any
           172.16.1.0/24
        20 permit                          tcp
           172.16.2.0/16                   > 1023
           any
        30 permit                          tcp
           172.26.1.0/24
           any
           syn
           ack
           dscp 10
        40 deny                            any
           any
           any
           Hit-counts: enabled
------------------------------------------------------------------------------
Displaying IPv4 ACLs as commands:
switch# show access-list ip commands
access-list ip MY_ACL
    10 permit udp any 172.16.1.0/24
    20 permit tcp 172.16.2.0/16 gt 1023 any
    30 permit tcp 172.26.1.0/24 any syn ack dscp 10
    40 deny any any any count

switch# show access-list interface lag128 ipv6 in
Type       Name
  Sequence Comment
           Action                          L3 Protocol
           Source IP Address               Source L4 Port(s)
           Destination IP Address          Destination L4 Port(s)
           Additional Parameters
------------------------------------------------------------------------------
IPv6       MY_IPV6_ACL
        10 permit                          udp
           any
           2001::1/64
        20 permit                          tcp
           2001:2001::2:1/128              > 1023
           any
        30 permit                          tcp
           2001:2011::1/64
        40 deny                            any
           any
           any
           Hit-counts: enabled
------------------------------------------------------------------------------

switch# show access-list ipv6 commands
access-list ipv6 MY_IPV6_ACL
    10 permit udp any 2001::1/64
    20 permit tcp 2001:2001::2:1/128 gt 1023 any
    40 deny any any any count

switch# show access-list interface 1/1/1 mac in
Type       Name
  Sequence Comment
           Action                          EtherType
           Source MAC Address
           Destination MAC Address
           Additional Parameters
------------------------------------------------------------------------------
MAC        MY_MAC_ACL
        10 permit                          ipv6
           1122.3344.5566/ffff.ffff.0000
           any
        20 permit                          any
           aaaa.bbbb.cccc
           1111.2222.3333
           QoS Priority Code Point: 4
        30 deny                            any
           any
           any
           Hit-counts: enabled
------------------------------------------------------------------------------

switch# show access-list mac commands
access-list mac MY_MAC_ACL
    10 permit 1122.3344.5566/ffff.ffff.0000 any ipv6
    20 permit aaaa.bbbb.cccc 1111.2222.3333 any pcp 4
    30 deny any any any count
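
Added example (not part of the original documentation): a Python script that parses the commands form of the output and reports entries that differ between the user-configured ACLs and the active ACLs, which is the mismatch the configuration parameter is meant to expose. It assumes that "show access-list ip commands configuration" prints in the same layout as "show access-list ip commands"; the function names and both sample captures are constructed for illustration.

```python
import re

# Header line of an ACL in the "commands" output form, e.g. "access-list ip MY_ACL".
ACL_HEADER = re.compile(r"^access-list\s+(ip|ipv6|mac)\s+(\S+)\s*$")
# Entry line: sequence number followed by the rule text.
ACL_ENTRY = re.compile(r"^(\d+)\s+(.+?)\s*$")

def parse_commands_output(text):
    """Parse 'show access-list ... commands' text into {(type, name): {seq: rule}}."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("switch#"):
            continue  # skip blank lines and the echoed prompt/command
        header = ACL_HEADER.match(line)
        if header:
            current = acls.setdefault((header.group(1), header.group(2)), {})
            continue
        entry = ACL_ENTRY.match(line)
        if entry and current is not None:
            # Collapse whitespace so layout differences do not register as drift.
            current[int(entry.group(1))] = " ".join(entry.group(2).split())
    return acls

def acl_drift(configured, active):
    """Return (type, name, seq, configured_rule, active_rule) for every differing entry."""
    findings = []
    for key in sorted(set(configured) | set(active)):
        conf, act = configured.get(key, {}), active.get(key, {})
        for seq in sorted(set(conf) | set(act)):
            if conf.get(seq) != act.get(seq):
                findings.append((key[0], key[1], seq, conf.get(seq), act.get(seq)))
    return findings

# Constructed sample captures (not real device output), modelled on the page's examples.
# Assumption: the "configuration" form uses the same layout as the plain "commands" form.
CONFIGURED = """switch# show access-list ip commands configuration
access-list ip MY_ACL
    10 permit udp any 172.16.1.0/24
    20 permit tcp 172.16.2.0/16 gt 1023 any
    40 deny any any any count
"""
ACTIVE = """switch# show access-list ip commands
access-list ip MY_ACL
    10 permit udp any 172.16.1.0/24
    40 deny any any any count
"""

if __name__ == "__main__":
    drift = acl_drift(parse_commands_output(CONFIGURED), parse_commands_output(ACTIVE))
    for acl_type, name, seq, conf, act in drift:
        print(f"{acl_type} {name} seq {seq}: configured={conf!r} active={act!r}")
```

A rule of None on one side means the entry exists only in the other capture.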