Viewing ACL and MACIP Information

The show acl [<name>] command prints a list of defined ACLs and their actions. If <name> is given, then output is limited to the specified ACL.

tnsr# show acl

Access Control List: blockssh
 IPv Seq Action     Source           Dest Proto     SP/T  DP/C Flag Mask
---- --- ------ ---------- -------------- ----- -------- ----- ---- ----
ipv4  10   deny   tcp  0-65535 22-22 0x00 0x00
ipv4  20 permit     0

The show macip [<name>] command works the same way for MACIP entries:

tnsr(config)# show macip

MACIP ACL: blockamac
  AF Seq Action  IP Prefix       MAC Address
---- --- ------ ---------- ----------------- -----------------
ipv4  10   deny  00:11:22:33:44:55 ff:ff:ff:ff:ff:ff

Viewing ACLs on Interfaces

The show interface command displays which ACLs are applied to interfaces (see Interface Configuration Options).

When viewing all interface information, the ACLs are printed inline:

tnsr# show interface GigabitEthernet6/0/0
Interface: GigabitEthernet6/0/0
    Description: Uplink
    Admin status: up
    Link up, link-speed 1000 Mbps, full duplex
    Link MTU: 1500 bytes
    MAC address: 00:90:0b:7a:8a:67
    IPv4 MTU: 0 bytes
    IPv4 Route Table: ipv4-VRF:0
    IPv4 addresses:
    IPv6 MTU: 0 bytes
    IPv6 Route Table: ipv6-VRF:0
    IPv6 addresses:
    Input ACLs
        10: blockbadhosts
    VLAN tag rewrite: disable
        queue-id 0 : cpu-id 1
    detailed counters:
      received: 9460961 bytes, 52985 packets, 0 errors
      received unicast: 108752 bytes, 776 packets
      received multicast: 9147108 bytes, 49377 packets
      received broadcast: 205101 bytes, 2832 packets
      transmitted: 129422 bytes, 995 packets, 19 errors
      transmitted unicast: 121938 bytes, 917 packets
      transmitted multicast: 7232 bytes, 72 packets
      transmitted broadcast: 252 bytes, 6 packets
      protocols: 2421 IPv4, 3458 IPv6
      52295 drops, 0 punts, 0 rx miss, 0 rx no buffer

To view a summary of all ACLs used by interfaces, use the access-list filtering option:

tnsr# show interface access-list
Interface: GigabitEthernet6/0/0
    Input ACLs
        10: blockbadhosts
Interface: GigabitEthernet6/0/1
    Input ACLs
        10: blockbadhosts

To view only ACLs for a single interface, both the interface name and the access-list filtering option can be used together:

tnsr# show interface GigabitEthernet6/0/0 acl
Interface: GigabitEthernet6/0/0
    Input ACLs
        10: blockbadhosts
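
For auditing, the interface ACL output shown above can be parsed to confirm that an expected ACL is applied everywhere it should be. The following is an added example, not part of the TNSR documentation or product; the function names, the third interface and the second ACL entry in the sample are constructed, and the parser assumes the "Interface:" / "<direction> ACLs" / "<seq>: <name>" layout seen on this page.

```python
import re

# Constructed sample in the layout of "show interface access-list" output.
# GigabitEthernet6/0/2 (no ACLs) and the "20: blockssh" entry are made up.
SAMPLE = """\
Interface: GigabitEthernet6/0/0
    Input ACLs
        10: blockbadhosts
Interface: GigabitEthernet6/0/1
    Input ACLs
        10: blockbadhosts
        20: blockssh
Interface: GigabitEthernet6/0/2
"""

IFACE = re.compile(r"^Interface:\s+(\S+)\s*$")
# The page only shows "Input ACLs"; any "<word> ACLs" heading is accepted.
SECTION = re.compile(r"^\s+(\w+) ACLs\s*$")
ENTRY = re.compile(r"^\s+(\d+):\s+(\S+)\s*$")


def parse_interface_acls(text):
    """Return {interface: {direction: [(seq, acl_name), ...]}}."""
    result, iface, direction = {}, None, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface, direction = m.group(1), None
            result[iface] = {}
        elif iface and (m := SECTION.match(line)):
            direction = m.group(1).lower()
            result[iface][direction] = []
        elif iface and direction and (m := ENTRY.match(line)):
            result[iface][direction].append((int(m.group(1)), m.group(2)))
        elif line.strip():
            # Any other line (MTU, counters, ...) ends the ACL section, so the
            # full "show interface" output can be parsed as well.
            direction = None
    return result


def interfaces_missing(parsed, acl_name, direction="input"):
    """List interfaces that do not have acl_name applied in that direction."""
    return sorted(
        iface for iface, dirs in parsed.items()
        if acl_name not in [name for _, name in dirs.get(direction, [])]
    )


if __name__ == "__main__":
    for iface in interfaces_missing(parse_interface_acls(SAMPLE), "blockbadhosts"):
        print(f"{iface}: input ACL 'blockbadhosts' is not applied")
```

An interface that appears with no ACL section at all is reported as missing the ACL, which is the case most worth catching on an uplink.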