Viewing ACL and MACIP Information
The show acl [<name>] command prints a list of defined ACLs and their actions. If <name> is given, then output is limited to the specified ACL.
tnsr# show acl
Access Control List: blockssh
IPv  Seq Action Source     Dest           Proto SP/T     DP/C  Flag Mask
---- --- ------ ---------- -------------- ----- -------- ----- ---- ----
ipv4 10  deny   0.0.0.0/0  203.0.113.2/32 tcp   0-65535  22-22 0x00 0x00
ipv4 20  permit 0.0.0.0/0  0.0.0.0/0      0
The show macip [<name>] command works the same way for MACIP entries:
tnsr(config)# show macip
MACIP ACL: blockamac
AF   Seq Action IP Prefix  MAC Address
---- --- ------ ---------- ----------------- -----------------
ipv4 10  deny   0.0.0.0/0  00:11:22:33:44:55 ff:ff:ff:ff:ff:ff
Viewing ACLs on Interfaces
The Interface Status command can display which ACLs are present on interfaces (see Interface Configuration Options).
When viewing all interface information, the ACLs are printed inline:
tnsr# show interface GigabitEthernet6/0/0
Interface: GigabitEthernet6/0/0
Description: Uplink
Admin status: up
Link up, link-speed 1 Gbps, full duplex
Link MTU: 1500 bytes
MAC address: 00:90:0b:7a:8a:67
VRF: default
IPv4 addresses:
203.0.113.2/24
IPv6 addresses:
2001:db8:0:2::2/64
fe80::290:bff:fe7a:8a67/64
Input ACLs
10: blockbadhosts
Rx-queues:
queue-id 0 : cpu-id 3 : rx-mode polling
detailed counters:
received: 421792141 bytes, 2717280 packets, 0 errors
received unicast: 49279596 bytes, 433372 packets
received multicast: 365681484 bytes, 2193178 packets
received broadcast: 6831061 bytes, 90730 packets
transmitted: 28717286 bytes, 243492 packets, 7 errors
transmitted unicast: 28264786 bytes, 239258 packets
transmitted multicast: 414532 bytes, 3330 packets
transmitted broadcast: 37968 bytes, 904 packets
protocols: 519330 IPv4, 189633 IPv6
2289304 drops, 12390 punts, 0 rx miss, 0 rx no buffer
To view a summary of all ACLs used by interfaces, use the access-list filtering option:
tnsr# show interface access-list
Interface: GigabitEthernet6/0/0
Input ACLs
10: blockbadhosts
Interface: GigabitEthernet6/0/1
Input ACLs
10: blockbadhosts
To view only ACLs for a single interface, both the interface name and the access-list filtering option can be used together:
tnsr# show interface GigabitEthernet6/0/0 acl
Interface: GigabitEthernet6/0/0
Input ACLs
10: blockbadhosts
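The interface ACL listings above can be checked against an intended policy. The following is an added example, not part of the TNSR documentation: it parses captured `show interface access-list` text and reports interfaces whose bound ACLs differ from what is expected. The function names, the `EXPECTED` policy and the interface GigabitEthernet6/0/2 are assumptions made for illustration; only the "Input ACLs" heading appears on this page, and other direction headings are assumed to follow the same "<Word> ACLs" pattern.

```python
import re
IFACE_RE = re.compile(r"^Interface:\s+(\S+)$")
SECTION_RE = re.compile(r"^(\w+) ACLs$")    # page shows only "Input ACLs"; others assumed alike
ENTRY_RE = re.compile(r"^(\d+):\s+(\S+)$")  # "<sequence>: <ACL name>"

# Output of `show interface access-list`, copied from the section above.
SAMPLE = """\
Interface: GigabitEthernet6/0/0
Input ACLs
10: blockbadhosts
Interface: GigabitEthernet6/0/1
Input ACLs
10: blockbadhosts
"""

# Constructed intended policy; GigabitEthernet6/0/2 is a hypothetical third interface.
EXPECTED = {f"GigabitEthernet6/0/{n}": {"Input": ["blockbadhosts"]} for n in range(3)}

def parse_interface_acls(text):
    """Return {interface: {direction: [ACL names ordered by sequence number]}}."""
    raw, iface, direction = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := IFACE_RE.match(line):
            iface, direction = m.group(1), None
            raw[iface] = {}
        elif iface and (m := SECTION_RE.match(line)):
            direction = m.group(1)
            raw[iface][direction] = []
        elif direction and (m := ENTRY_RE.match(line)):
            raw[iface][direction].append((int(m.group(1)), m.group(2)))
        elif line:
            direction = None  # any other non-empty line ends the ACL list
    return {i: {d: [n for _, n in sorted(e)] for d, e in dirs.items()}
            for i, dirs in raw.items()}

def audit(bindings, expected):
    """Return findings where the bound ACLs differ from the intended policy."""
    findings = []
    for iface, dirs in expected.items():
        for direction, want in dirs.items():
            have = bindings.get(iface, {}).get(direction, [])
            if have != want:
                findings.append(f"{iface} {direction}: expected {want}, found {have}")
    findings += [f"{i} {d}: unexpected {have}" for i, dirs in bindings.items()
                 for d, have in dirs.items() if have and d not in expected.get(i, {})]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_interface_acls(SAMPLE), EXPECTED)))
```

An interface that is absent from the captured output is treated as having no ACLs bound, so it is reported when the policy expects one. The same parser accepts the full per-interface `show interface` output, since address and counter lines do not match the ACL entry pattern.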