show access-list identifier

Syntax

show access-list identifier [ config ]

Description

Displays detailed information on the content of a specific ACL configured in the running-config file.

NOTE:

This information also appears in the show running display. If you execute write memory after configuring an ACL, it also appears in the show config display.

For information on IPv4 ACL operation, see the latest version of the Aruba-OS Switch Access Security Guide for your switch.

Example

Viewing the content of a specific ACL

Suppose you configured the following two ACLs in the switch:

Identifier: Accounting
Type: IPv6
Desired action:

  • Permit Telnet traffic from these two IPv6 addresses:
    • 2001:db8:0:1af::10:14
    • 2001:db8:0:1af::10:24

  • Deny Telnet traffic from all other devices in the same subnet.

  • Permit all other IPv6 traffic from the subnet.

  • Deny and log any IPv6 traffic from any other source.

Identifier: List-120
Type: IPv4 Extended
Desired action:

  • Permit any TCP traffic from 10.30.133.27 to any destination.

  • Deny any other IP traffic from 10.30.133.(1 - 255).

  • Permit all other IP traffic from any source to any destination.

Example

Listing an IPv6 ACL

Switch(config)# show access-list Accounting
Access Control Lists
  Name: Accounting
  Type: ipv6
  Applied: Yes 1

 SEQ  Entry
--------------------------------------------------------
 10   Action: permit
      Remark: Telnet Allowed 2
      3 Src IP: 2001:db8:0:1af::10:14     4 Prefix Len: 128
      5 Dst IP: ::                        6 Prefix Len: 0
      7 Src Port(s):  8 Dst Port(s): eq 23
      9 Proto : TCP  Option(s):
      10 Dscp : -

 20   Action: permit
      Src IP: 2001:db8:0:1af::10:23     Prefix Len: 128
      Dst IP: ::                        Prefix Len: 0
      Src Port(s):  Dst Port(s): eq 23
      Proto : TCP  Option(s):
      Dscp : -

 30   Action: deny (log)
      Src IP: 2001:db8:0:1af::10        Prefix Len: 116
      Dst IP: ::                        Prefix Len: 0
      Src Port(s):  Dst Port(s):
      Proto : TCP  Option(s):
      Dscp : -

 40   Action: permit
      Src IP: 2001:db8:0:1af::10        Prefix Len: 116
      Dst IP: ::                        Prefix Len: 0
      Src Port(s):  Dst Port(s):
      Proto : IPV6
      Dscp : -
      

1 Indicates whether the ACL is applied to an interface

2 Remark Field (Appears if remark configured.)

3 Source Address

4 Source and Destination Prefix Lengths

5,6 Destination Address

7 TCP Source Port

8 TCP Destination Port

9 Protocol Data

10 DSCP Codepoint or Precedence

An ACL listed with the config option

Port-1(config)# show access-list List-120 config
ip access-list extended "List-120"
 10 remark "Telnet Allowed"
 10 permit tcp 10.30.133.27 0.0.0.0 eq 23 0.0.0.0 255.255.255.255 precedence 0 established
 20 deny ip 10.30.133.1 0.0.0.255 0.0.0.0 255.255.255.255 log
 30 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
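
For reviewing a listing like the one above offline, the following added example (not part of the switch documentation or any vendor tool) parses the config-form output into structured ACEs, converts each wildcard mask to a prefix, and flags entries worth a second look. The function names are hypothetical, the port operator set is an assumption, only the address/wildcard form shown on this page is handled, and port qualifiers are recorded by position without interpreting them.

```python
import ipaddress
import re

# Constructed input: the List-120 "config" listing from this page, as captured text.
SAMPLE = """\
ip access-list extended "List-120"
 10 remark "Telnet Allowed"
 10 permit tcp 10.30.133.27 0.0.0.0 eq 23 0.0.0.0 255.255.255.255 precedence 0 established
 20 deny ip 10.30.133.1 0.0.0.255 0.0.0.0 255.255.255.255 log
 30 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 exit
"""
PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}  # operand counts (assumed set)

def to_network(addr, wildcard):
    """Address + wildcard mask -> IPv4Network; rejects non-contiguous masks."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def take_endpoint(tokens):  # consumes 'addr wildcard [op port ...]' from the front
    net = to_network(tokens.pop(0), tokens.pop(0))
    n = PORT_OPS[tokens[0]] + 1 if tokens and tokens[0] in PORT_OPS else 0
    port = " ".join(tokens[:n]) or None
    del tokens[:n]
    return net, port

def parse_acl(text):
    """Return one dict per permit/deny ACE; header, remark and exit lines are skipped."""
    aces = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.+)", line)
        if m:
            tokens = m.group(4).split()
            (src, sport), (dst, dport) = take_endpoint(tokens), take_endpoint(tokens)
            aces.append({"seq": int(m.group(1)), "action": m.group(2), "proto": m.group(3),
                         "src": src, "sport": sport, "dst": dst, "dport": dport, "opts": tokens})
    return aces

def audit(aces):
    """Flag any-to-any IP permits and deny entries that do not log."""
    out = []
    for a in aces:
        if a["action"] == "permit" and a["proto"] == "ip" and a["src"].prefixlen == 0 == a["dst"].prefixlen:
            out.append((a["seq"], "permits all IP traffic"))
        if a["action"] == "deny" and "log" not in a["opts"]:
            out.append((a["seq"], "deny without log"))
    return out
```

Run against the List-120 listing, `audit(parse_acl(SAMPLE))` reports only entry 30, the final permit of all IP traffic from any source to any destination.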