Show accesslists

To display the contents of current access lists, use the show access-lists privileged EXEC command. show access-lists [access-list-number | name]

Syntax Description access-list-number (Optional) Number of the access list to display. The system displays all access lists by default.

name (Optional) Name of the IP access list to display.

Defaults The system displays all access lists.

Command Modes Privileged EXEC

Examples The following is sample output from the show access-lists command when access list 101 is specified:

Router# show access-lists 101

Extended IP access list 101

Router# show access-lists 101

Extended IP access list 101

permit

tcp

host 1

98.

92.

32

.130

any

established (4304 matches)

permit

udp

host 1

98.

92.

32

.130

any

eq domain (12 9 matches)

permit

icmp host

198

.92

.32.13 0 any

permit

tcp

host 1

98.

92.

32

.130

host

171

.69

.2.141 gt 1023

permit

tcp

host 1

98.

92.

32

.130

host

171

.69

.2.135 eq smtp (2 matches)

permit

tcp

host 1

98.

92.

32

.130

host

198

.92

.30.32 eq smtp

permit

tcp

host 1

98.

92.

32

.130

host

171

.69

.108.33 eq smtp

permit

udp

host 1

98.

92.

32

.130

host

171

.68

.225.190 eq syslog

permit

udp

host 1

98.

92.

32

.130

host

171

.68

.225.126 eq syslog

deny

ip

150

136

.0.

0 0

.0

.255

.255

224.

0.0

.0 15.255.255.255

deny

ip

171

68

0 0

0

1

255.

255 224.0

.0.

0 15.255.255.255 (2 matches)

deny

ip

172

24.

24.

0 0

.0

.1.255 224.0.

0.0

15.255.255.255

deny

ip

192

82.

152

.0

0.

0.0.

255 224.0

.0.

0 15.255.255.255

deny

ip

192

122

.173.0

0

.0.0

.255

224.

0.0

.0 15.255.255.255

deny

ip

192

122

.174.0

0

.0.0

.255

224.

0.0

.0 15.255.255.255

deny

ip

192

135

.23

9.0

0

.0.0

.255

224.

0.0

.0 15.255.255.255

deny

ip

192

135

.240.0

0

.0.7

.255

224.

0.0

.0 15.255.255.255

deny

ip

192

135

.24

8.0

0

.0.3

.255

224.

0.0

.0 15.255.255.255

deny

ip

192

150

.42

.0

0.

0.0.

255 224.0

.0.

0 15.255.255.255

An access list counter counts how many packets are allowed by each line of the access list. This number is displayed as the number of matches.

For information on how to configure access lists, refer to the "Configuring IP Services" chapter of the Network Protocols Configuration Guide, Part 1.

For information on how to configure dynamic access lists, refer to the "Traffic Filtering and Firewalls" chapter of the Security Configuration Guide.

Related Commands Command Description

access-list (IP extended)

Defines an extended IP access list.

access-list (IP standard)

Defines a standard IP access list.

clear access-list counters

Clears the counters of an access list.

clear access-template

Clears a temporary access list entry from a dynamic access list

manually.

ip access-list

Defines an IP access list by name.

show access-lists

Displays the contents of all current IP access lists.

Was this article helpful?

0 0

Post a comment