Viewing ACL and MACIP Information

The show acl [<name>] command prints a list of defined ACLs and their actions. If <name> is given, then output is limited to the specified ACL.

tnsr# show acl

Access Control List: blockssh
 IPv Seq Action     Source           Dest Proto     SP/T  DP/C Flag Mask
---- --- ------ ---------- -------------- ----- -------- ----- ---- ----
ipv4  10   deny   tcp  0-65535 22-22 0x00 0x00
ipv4  20 permit     0

The show macip [<name>] command works the same way for MACIP entries:

tnsr(config)# show macip

MACIP ACL: blockamac
  AF Seq Action  IP Prefix       MAC Address
---- --- ------ ---------- ----------------- -----------------
ipv4  10   deny  00:11:22:33:44:55 ff:ff:ff:ff:ff:ff

Viewing ACLs on Interfaces

The Interface Status command can display which ACLs are present on interfaces (Interface Configuration Options).

When viewing all interface information, the ACLs are printed inline:

tnsr# show interface GigabitEthernet6/0/0
Interface: GigabitEthernet6/0/0
    Description: Uplink
    Admin status: up
    Link up, link-speed 1 Gbps, full duplex
    Link MTU: 1500 bytes
    MAC address: 00:90:0b:7a:8a:67
    VRF: default
    IPv4 addresses:
    IPv6 addresses:
    Input ACLs
        10: blockbadhosts
        queue-id 0 : cpu-id 3 : rx-mode polling
    detailed counters:
      received: 421792141 bytes, 2717280 packets, 0 errors
      received unicast: 49279596 bytes, 433372 packets
      received multicast: 365681484 bytes, 2193178 packets
      received broadcast: 6831061 bytes, 90730 packets
      transmitted: 28717286 bytes, 243492 packets, 7 errors
      transmitted unicast: 28264786 bytes, 239258 packets
      transmitted multicast: 414532 bytes, 3330 packets
      transmitted broadcast: 37968 bytes, 904 packets
      protocols: 519330 IPv4, 189633 IPv6
      2289304 drops, 12390 punts, 0 rx miss, 0 rx no buffer

To view a summary of all ACLs used by interfaces, use the access-list filtering option:

tnsr# show interface access-list
Interface: GigabitEthernet6/0/0
    Input ACLs
        10: blockbadhosts
Interface: GigabitEthernet6/0/1
    Input ACLs
        10: blockbadhosts

To view only ACLs for a single interface, both the interface name and the access-list filtering option can be used together:

tnsr# show interface GigabitEthernet6/0/0 acl
Interface: GigabitEthernet6/0/0
    Input ACLs
        10: blockbadhosts