Show IP access lists attached to an interface
When developing yet another Tcl script, I've stumbed across an interesting show command: the show ip access-list interface name introduced in IOS release 12.4[6]T displays the contents of the inbound and outbound IP access-list applied to the specified interface. The really nice part is that the ACL statistics [number of matches displayed next to the ACL lines] are kept and displayed per-interface. For example, this is the printout from one of my test routers:R2#show ip access-list 101
Extended IP access list 101
10 permit ip any any [1900 matches]
R2#show ip access-list interface tunnel 0
Extended IP access list ICMP in
10 deny icmp any host 10.0.1.2 echo
20 deny icmp any host 10.2.0.2 echo
30 permit ip any any [2279 matches]
Extended IP access list 101 out
10 permit ip any any [10 matches]
- security
- network management
- command line interface