Displays ACL information for an ACL type and inbound and outbound directions. You can show information for a specific ACL or only for that ACL on a specific interface. You can also display information for all ACLs bound to an interface.
Privileged EXEC mode
You can show information for a specified ACL or only for that ACL on a specified interface. You can also display information for all ACLs bound to a specified physical interface, port-channel, VLAN or VE.
The command also displays information for receive-path ACLs.
The show access-list command displays the following information:
Output field | Description |
---|---|
Active | The rule is active and implements the configured action. |
Partial | The rule is partially programmed, with the configured action implemented in some cases. This is typically seen for logical interfaces like VLAN, which span multiple hardware resources. |
In progress | The rule is currently being programmed into the hardware. |
Inactive | The rule is inactive and is not programmed in the hardware. This is typically seen when the hardware resources limit is reached. |
device# show access-list ip Interface Ve 171 Inbound access-list is not set Outbound access-list is IPV4_ACL_000 (From User) Interface Ethernet 1/2 Inbound switched access-list is IP_ACL_STD_EXAMPLE (From User) Outbound access-list is IP_ACL_EXT_EXAMPLE (From User)
device# show access-list ip IPV4_ACL_000 out ip access-list IPV4_ACL_000 on Ve 171 at Egress (From User) seq 10 deny ip host 0.0.0.0 host 10.0.0.0 (Active)
device# show access-list ipv6 distList in ipv6 access-list distList on Ethernet 1/4 at Ingress (From User) seq 10 deny 2001:125:132:35::/64 (Active) seq 20 deny 2001:54:131::/64 (Active) seq 30 deny 2001:5409:2004::/64 (Active) seq 40 permit any (Active)
device# show access-list interface ethernet 1/4 in ipv6 access-list ipv6-std-acl on Ethernet 1/4 at Ingress (From User) seq 10 permit host 0:1::1 (Active) seq 20 deny 0:2::/64 (Active) seq 30 hard-drop any count (Active)
device# show access-list receive ipv6 ipv6_1 ip access-list extended ipv6_1 seq 10 permit ipv6 any any count (Active)