Show IP access lists attached to an interface

When developing yet another Tcl script, I've stumbed across an interesting show command: the show ip access-list interface name introduced in IOS release 12.4(6)T displays the contents of the inbound and outbound IP access-list applied to the specified interface. The really nice part is that the ACL statistics (number of matches displayed next to the ACL lines) are kept and displayed per-interface. For example, this is the printout from one of my test routers:
R2#show ip access-list 101
Extended IP access list 101
10 permit ip any any (1900 matches)
R2#show ip access-list interface tunnel 0
Extended IP access list ICMP in
10 deny icmp any host 10.0.1.2 echo
20 deny icmp any host 10.2.0.2 echo
30 permit ip any any (2279 matches)
Extended IP access list 101 out
10 permit ip any any (10 matches)

1 comments:

  1. Excellent.

    Have you covered access-lists applied to Tunnel interfaces?
Add comment
Sidebar