show access-list
Syntax
show access-list [interface <ID>] [{in|out}] [{ip|ipv6|mac}] [<ACL-NAME>] [commands] [configuration] [vsx-peer]Description
Shows various aspects of ACLs and their current usage.
The content of a specific ACL.
All ACLs of a specific type.
All ACLs applied to a specific port.
All ACLs applied in a particular direction.
Command context
Operator (>) or Manager (#)
Parameters
All parameters are optional.
interface <ID>Specifies the display ACL information for a specific interface.
in|outSelects
into limit the display to inbound (ingress) ACLs oroutto limit the display to outbound (egress) ACLs.ip|ipv6|macSelects to limit the display to an ACL type:
ipfor IPv4,ipv6for IPv6, ormacfor MAC ACLs.<ACL-NAME>Specifies display information matching this ACL name.
commandsSpecifies output as the CLI commands showing the configured access control entries.
configurationSpecifies to display user-configured ACLs, even if they are not active due to command parameter or hardware issues. This parameter is useful if there is a mismatch between the entered configuration and the previous successfully programmed (active) ACLs.
[vsx-peer]Shows the output from the VSX peer switch. If the switches do not have the VSX configuration or the ISL is down, the output from the VSX peer switch is not displayed.
Authority
Operators or Administrators. Users without administrator authority can execute this command from the operator context (>) only.
Examples
Displaying IPv4 ACL information:
switch# show access-list ip
Type Name
Sequence Comment
Action L3 Protocol
Source IP Address Source L4 Port(s)
Destination IP Address Destination L4 Port(s)
Additional Parameters
------------------------------------------------------------------------------
IPv4 MY_ACL
10 permit udp
any
172.16.1.0/24
20 permit tcp
172.16.2.0/16 > 1023
any
30 permit tcp
172.26.1.0/24
any
syn
ack
dscp 10
40 deny any
any
any
Hit-counts: enabled
------------------------------------------------------------------------------
Displaying IPv4 ACLs as commands:
switch# show access-list ip commands
access-list ip MY_ACL
10 permit udp any 172.16.1.0/24
20 permit tcp 172.16.2.0/16 gt 1023 any
30 permit tcp 172.26.1.0/24 any syn ack dscp 10
40 deny any any any count
switch# show access-list interface lag128 ipv6 in
Type Name
Sequence Comment
Action L3 Protocol
Source IP Address Source L4 Port(s)
Destination IP Address Destination L4 Port(s)
Additional Parameters
------------------------------------------------------------------------------
IPv6 MY_IPV6_ACL
10 permit udp
any
2001::1/64
20 permit tcp
2001:2001::2:1/128 > 1023
any
30 permit tcp
2001:2011::1/64
40 deny any
any
any
Hit-counts: enabled
------------------------------------------------------------------------------
switch# show access-list ipv6 commands
access-list ipv6 MY_IPV6_ACL
10 permit udp any 2001::1/64
20 permit tcp 2001:2001::2:1/128 gt 1023 any
40 deny any any any count
switch# show access-list interface 1/1/1 mac in
Type Name
Sequence Comment
Action EtherType
Source MAC Address
Destination MAC Address
Additional Parameters
------------------------------------------------------------------------------
MAC MY_MAC_ACL
10 permit ipv6
1122.3344.5566/ffff.ffff.0000
any
20 permit any
aaaa.bbbb.cccc
1111.2222.3333
QoS Priority Code Point: 4
30 deny any
any
any
Hit-counts: enabled
------------------------------------------------------------------------------
switch# show access-list mac commands
access-list mac MY_MAC_ACL
10 permit 1122.3344.5566/ffff.ffff.0000 any ipv6
20 permit aaaa.bbbb.cccc 1111.2222.3333 any pcp 4
30 deny any any any count