Verifying Access Lists

Objectives:

  • Verify and monitor ACLs in a network environment
  • Troubleshoot ACL issues

You can use three commands to verify your access list configuration. These commands are show running-config, show ip interface, and show access-lists.

show running-config

Although this command can be used to verify nearly any configuration on your Cisco router, it is especially useful when you are working with access lists. There is no other command that can quickly show you where access lists are applied without requiring you to weed through excessive amounts of output. The following output has been trimmed down for brevity.

show ip interface

This command shows you where your access lists are applied, as long as you are patient enough to weed through the excessive amounts of output. The following command shows the access lists applied to interface serial 1/0. Pay particular attention to lines 10 and 11.

show ip access-lists

Initially, this command might look like a concise version of show running-config. However, it has one very handy feature that the other show commands lack: the capability to show how many packets have matched a given line in an access list. This capability can be critical during troubleshooting and verification. In the following example, you can see that there is a single access list (30) that has three lines. Next to each line, the number of packets that have matched those entries is displayed.
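The per-line match counters are most useful when two captures are compared, for example before and after a test. The Python below is an added example, not part of the original page: it parses the counters and reports which lines gained matches and which have never matched. The two sample outputs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample output (not from the original page) in the layout IOS uses
# for "show access-lists"; a line with no counter has not matched any packet.
BEFORE = """\
Standard IP access list 30
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (12 matches)
    20 deny   172.16.0.0, wildcard bits 0.0.255.255
    30 permit any (1 match)
"""
AFTER = """\
Standard IP access list 30
    10 permit 192.168.1.0, wildcard bits 0.0.0.255 (12 matches)
    20 deny   172.16.0.0, wildcard bits 0.0.255.255 (7 matches)
    30 permit any (1 match)
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^\s+(\d+)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")

def parse_acl_counters(text):
    """Return {(acl_name, sequence): (rule_text, match_count)}."""
    counters, acl = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        entry = ENTRY.match(line)
        if header:
            acl = header.group(2)
        elif entry and acl is not None:
            seq, rule, hits = entry.groups()
            rule = " ".join(rule.split())  # collapse column padding
            counters[(acl, int(seq))] = (rule, int(hits or 0))
    return counters

def counter_deltas(before, after):
    """Entries whose match count grew between two snapshots, with the increase."""
    old, new = parse_acl_counters(before), parse_acl_counters(after)
    return {key: (rule, hits - old.get(key, (rule, 0))[1])
            for key, (rule, hits) in new.items()
            if hits > old.get(key, (rule, 0))[1]}

def unmatched_entries(text):
    """Entries that have never matched a packet (candidates for review)."""
    return sorted(k for k, (_, hits) in parse_acl_counters(text).items() if hits == 0)

if __name__ == "__main__":
    for (acl, seq), (rule, delta) in counter_deltas(BEFORE, AFTER).items():
        print(f"ACL {acl} line {seq}: +{delta} matches  [{rule}]")
    print("never matched:", unmatched_entries(BEFORE))
```

Counters restart from zero after a reload or `clear access-list counters`, so a snapshot pair that spans either will under-report.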

About the author

Prasanna
