Cisco IOS Command Tip – Showing ACLs Applied On An Interface
ACLs are a very important topic for the CCNA exam, and any CCNA network engineer needs to understand how to use them well. I’m not a big fan of doing “show run” when there are alternative commands available, especially if they can be run without privileged access. I mentioned in a previous post the 3 Command Line Habits a CCNA network engineer should have, and staying out of enable mode (unless necessary) is one of them.
One task we often need to do is find out which ACLs are applied to an interface. Many novice network engineers do this:
Router#sh run int fa1/0
Building configuration...

Current configuration : 137 bytes
!
interface FastEthernet1/0
 description External Link
 no switchport
 ip address 15.0.0.1 255.255.255.0
 ip access-group MY-ACL in
end
Showing the running configuration of an interface requires you to be in enable mode, and the router (or switch, as the case may be) has to generate the running configuration before it can display it.
A faster way would be to do this (this may not work in older versions of IOS):
Router>sh ip int fa1/0
FastEthernet1/0 is up, line protocol is down
Internet address is 15.0.0.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is MY-ACL
Of course, we are also able to view the ACL with the associated line numbers without entering privileged mode.
Router>sh ip access MY-ACL
Extended IP access list MY-ACL
10 permit ip 20.0.0.0 0.0.0.255 15.0.0.0 0.0.0.255
20 deny ip any any log
Router>
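As an added example (not from the post), a small Python audit helper that parses the two show outputs above and reports interfaces with no inbound ACL, plus ACL names that are applied on an interface but not defined on the device. The second interface (FastEthernet1/1) and the name OLD-ACL in the sample data are constructed for illustration.

```python
import re

# Constructed sample output modelled on the post's 'show ip interface' text;
# FastEthernet1/1 and OLD-ACL are invented to exercise the 'not set' and
# undefined-ACL cases.
SHOW_IP_INT = """\
FastEthernet1/0 is up, line protocol is down
  Outgoing access list is not set
  Inbound access list is MY-ACL
FastEthernet1/1 is up, line protocol is up
  Outgoing access list is OLD-ACL
  Inbound access list is not set
"""

# Constructed 'show ip access-lists' output; only MY-ACL is defined here.
SHOW_IP_ACCESS = """\
Extended IP access list MY-ACL
    10 permit ip 20.0.0.0 0.0.0.255 15.0.0.0 0.0.0.255
    20 deny ip any any log
"""

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
ACL_LINE_RE = re.compile(r"^\s*(Outgoing|Inbound) access list is (.+?)\s*$")
ACL_HEADER_RE = re.compile(r"^(?:Extended|Standard) IP access list (\S+)", re.M)

def parse_interface_acls(show_ip_int):
    """Map each interface to its inbound/outbound ACL name (None when not set)."""
    acls, current = {}, None
    for line in show_ip_int.splitlines():
        m = IFACE_RE.match(line)
        if m:                       # interface header line starts a new block
            current = m.group(1)
            acls[current] = {"in": None, "out": None}
            continue
        m = ACL_LINE_RE.match(line)
        if m and current:
            direction = "out" if m.group(1) == "Outgoing" else "in"
            acls[current][direction] = None if m.group(2) == "not set" else m.group(2)
    return acls

def interfaces_without_inbound_acl(show_ip_int):
    """Interfaces with no inbound ACL applied, for an audit report."""
    return sorted(i for i, a in parse_interface_acls(show_ip_int).items() if a["in"] is None)

def dangling_acls(show_ip_int, show_ip_access):
    """ACL names applied on an interface but not defined on the device.
    In IOS an access-group that names an ACL with no entries permits all traffic,
    so these are worth flagging."""
    defined = set(ACL_HEADER_RE.findall(show_ip_access))
    applied = {n for a in parse_interface_acls(show_ip_int).values() for n in a.values() if n}
    return sorted(applied - defined)
```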
Hope that this has been a useful tip. Please help me by filling out this survey and letting me know what you need to know. Please subscribe to my RSS feed so you won’t miss any new posts.
Cheers,
Francis (@savvynetcert)