View NACM ConfigurationΒΆ

The current NACM configuration can be viewed with the show nacm command:

tnsr# show nacm

NACM
====
NACM Enable: true
Default Read policy : deny
Default Write policy: deny
Default Exec policy : deny

Group: admin
-----------
    root
    tnsr

Rule List: admin-rules
----------------------
Groups:
    admin

Name        Action Op Module Type
----------- ------ -- ------ ----
permit-all  permit *  *

This may be narrowed down to only show part of the configuration.

To view all groups:

tnsr# show nacm group

NACM
====

Group: admin
-----------
    root
    tnsr

Group: readonly
-----------
    olly
    reed

To view a specific group, use show nacm group <group-name>:

tnsr# show nacm group admin

NACM
====

Group: admin
-----------
    root
    tnsr

To view all rule lists:

tnsr# show nacm rule-list

NACM
====
Rule List: admin-rules
----------------------
Groups:
    admin

Name        Action Op   Module Type
----------- ------ ---- ------ ----
permit-all  permit *    *

Rule List: ro-rules
----------------------
Groups:

Name        Action Op   Module Type
----------- ------ ---- ------ ----
ro          permit exec *
read        deny   *    *

To view a specific rule list, use show nacm rule-list <list-name>:

tnsr# show nacm rule-list admin-rules

NACM
====
Rule List: admin-rules
----------------------
Groups:
    admin

Name        Action Op Module Type
----------- ------ -- ------ ----
permit-all  permit *  *