show ip access-control-list

Last Updated : Nov 06, 2012 |

Displays the attributes of a specific access control list on the current interface or all lists.

Syntax

show ip access-control-list {list_number | all | active-list-in | active-list-out | active-list-in-out} [detailed]

Parameters

Parameter

Description

Possible Values

Default Value

list_ number

The access control list to display

all

Keyword specifying to display attributes for all access control lists

active-list-in

Keyword specifying to display lists for the in direction

active-list-out

Keyword specifying to display lists for the out direction

active-list-in-out

Keyword specifying to display lists for in and out directions

detailed

Keyword specifying to display detailed information

User level

read-write

Context

general, interface:Serial (DS1 PPP L2-L3, DS1 PPP L3, DS1 FR-SUB L2-L3, DS1 FR-SUB L3, USP PPP L2-L3, USP PPP L3), FastEthernet (L2, L2-L3), VLAN (L2, L2-L3), Loopback (L2, L2-L3), Tunnel (L2, L2-L3), Dialer (L2, L2-L3)

Examples

To display detailed information about all access control lists:

Gxxx-001(super)# show ip access-control-list all detailed
List Number: 300
---------------
List Name: Default ACL List
Default Action: permit
Owner: other
List Number: 320
---------------
List Name: Sync1
Default Action: permit
Owner: x9393
List Number: 330
---------------
List Name: Admin13
Default Action: permit
Owner: Charlie

To display attributes of access control list 330:

Gxxx-001(super)# show ip access-control-list 330
Index Name                            Owner
----- ------------------------------- --------------------------
330   list #330                       other
ip options: Permit
ip fragments : Permit
Index Protocol     IP               Wildcard        Port         Operation
----- -------- --- ---------------- --------------- ------------ --------
22     tcp     Src  Any                              Any         Permit
               Dst  Any                              Any
Deflt  Any     Src  Any                              Any         Permit
               Dst  Any                              Any

To display detailed information about all access control lists on the VLAN 1 interface:

Gxxx-001(if:Vlan 1)# show ip access-control-list all detailed
List Number: 300
---------------
List Name: Default ACL List
Default Action: permit
Owner: other
List Number: 320
---------------
List Name: Sync1
Default Action: permit
Owner: x9393
List Number: 330
---------------
List Name: Admin13
Default Action: permit
Owner: Charlie

Following is an example of the output that appears if DoS-classification is configured:

Index    Protocol     IP          Wildcard       Port   Operation
         DSCP                                           Fragment rule
-----    ------  ---  ---------   -------------- ------ --------------
123      Any     Src  1.2.3.4     Host           Any    Permit
         Any     Dst  Any                        Any    No
Dos classification: other-attack
234      Any     Src  2.2.2.2     Host           Any    Permit
         Any     Dst  Any                        Any    No
Dos classification: fraggle
345      Any     Src  3.3.3.3     Host           Any     Permit
         Any     Dst  Any                        Any     No
Dos classification: ip-spoofing
Deflt    Any     Src  Any                        Any     Permit
         Any     Dst  Any                        Any     No