Viewing the content of a specific ACL

Displays a specific IPv6 or IPv4 ACL configured in the running config file in an easy-to-read tabular format.


show access-list <identifier> [config]

Displays detailed information on the content of a specific ACL configured in the running-config file.


This information also appears in the show running display. If you execute write memory after configuring an ACL, it also appears in the show config display.

For information on IPv4 ACL operation, see the latest version of the ArubaOS-Switch Access Security Guide for your switch.

For example, suppose you configured the following two ACLs in the switch:



Desired action



  • Permit Telnet traffic from these two IPv6 addresses:
    • 2001:db8:0:1af::10: 14

    • 2001:db8:0:1af::10: 24

  • Deny Telnet traffic from all other devices in the same subnet.

  • Permit all other IPv6 traffic from the subnet.

  • Deny and log any IPv6 traffic from any other source.


IPv4 Extended

  • Permit any TCP traffic from to any destination.

  • Deny any other IP traffic from 10.30.133.(1–255).

  • Permit all other IP traffic from any source to any destination.

Use show access-list <identifier> to inspect a specific IPv6 or IPv4 ACL, as follows:

The show access-list <identifier> config command shows the same ACL data as show access-list <identifier> but in the format used by the show <run|config> commands to list the switch configuration.

An ACL listed with the config option

Switch(config)# show access-list List–120 config

ip access-list extended "List–120"
 10 remark "Telnet Allowed"
 10 permit tcp eq 23 precedence 0
 20 deny ip log
 30 permit ip