28-22
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 28 Configuring Network Security with ACLs
Displaying ACL Information
Displaying Access Groups
Note This feature is available only if your switch is running the EI.
You use the ip access-group interface configuration command to apply ACLs to a Layer 3 interface.
When IP is enabled on an interface, you can use the show ip interface interface-id privileged EXEC
command to view the input and output access lists on the interface, as well as other interface
characteristics. If IP is not enabled on the interface, the access lists are not shown.
This example shows how to view all access groups configured for VLAN 1:
Switch# show ip interface vlan 1
Vlan1 is up, line protocol is up
Internet address is 10.20.30.1/16
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is permit Any
Inbound access list is 13
<information truncated>
This example shows how to view all access groups configured for an interface:
Switch# show ip interface fastethernet0/9
FastEthernet0/9 is down, line protocol is down
Inbound access list is ip1
The only way to ensure that you can view all configured access groups under all circumstances is to use
the show running-config privileged EXEC command. To display the ACL configuration of a single
interface, use the show running-config interface interface-id command.
This example shows how to display the ACL configuration of Gigabit Ethernet interface 0/1:
Switch# show running-config interface gigabitethernet0/1
Building configuration...
Current configuration :112 bytes
!
interface GigabitEthernet0/1
ip access-group 11 in
snmp trap link-status
no cdp enable
end!
To Next Page
Loading...
