access list on interface

sem7433
Level 1

Hi..

I have trouble seeing the access lists on interfaces. In previous versions, you could see how the IP access list looked on the respective interface.
But on the new Catalyst 3850 ver 3.2.02, you can only see which access list is located on each interface, not how it looks.
I have had problems in the past with IP access lists not being applied to the respective interface.
Does anyone know how I can see it?

switch1#sh authentication sessions interface Gi4/0/20 details
            Interface:  GigabitEthernet4/0/20
               IIF-ID:  0x103B1C000001077
          MAC Address:  00e0.c537.9e2d
         IPv6 Address:  Unknown
         IPv4 Address:  10.101.233.78
            User-Name:  INV000000155986.ads.sfa.se
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  in
      Session timeout:  28800s (server), Remaining: 28532s
       Timeout action:  Reauthenticate
    Common Session ID:  0AC9F1080007C27169370036
      Acct Session ID:  0x0007DD1A
               Handle:  0x6C000E8A
       Current Policy:  POLICY_Gi4/0/20
Server Policies:
              ACS ACL:  xACSACLx-IP-IGEL-ACL-5297633a
Method status list:
       Method           State
       dot1x            Authc Success
       mab              Stopped
switch1#

switch1#sh ip access-lists interface Gi4/0/20
switch1#

On the old switch:

switch_2#sh ip access-lists interface Gi1/0/12
     permit icmp host 10.180.103.229 any echo-reply
     permit udp host 10.180.103.229 host 192.168.40.11 eq ntp
     permit udp host 10.180.103.229 any eq bootps
     permit udp host 10.180.103.229 any eq bootpc
     permit udp host 10.180.103.229 any eq domain
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq smtp
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq www
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 443
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 5000
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 4070
     permit tcp host 10.180.103.229 any eq 5001
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 3269
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 3268
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 88
     permit udp host 10.180.103.229 eq snmp 192.168.146.32 0.0.0.31
     permit udp host 10.180.103.229 192.168.146.32 0.0.0.31 eq snmptrap
     permit udp host 10.180.103.229 192.168.146.32 0.0.0.31 eq ntp
     permit udp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 464
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 464
     permit udp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 135
     permit tcp host 10.180.103.229 192.168.146.32 0.0.0.31 eq 135
     permit tcp host 10.180.103.229 10.180.0.0 0.0.255.255 eq 9100
     permit tcp host 10.180.103.229 10.140.70.0 0.0.0.255 eq 9100
     permit udp host 10.180.103.229 10.180.0.0 0.0.255.255 eq netbios-ns
     permit udp host 10.180.103.229 eq netbios-ns 10.180.0.0 0.0.255.255
     permit tcp host 10.180.103.229 10.180.0.0 0.0.255.255 eq 139
     permit tcp host 10.180.103.229 10.180.0.0 0.0.255.255 eq 445
     permit tcp host 10.180.103.229 any established


JohnTylerPearce
Level 7

I'm not sure if that command is supported or not. I did a quick look at a 3850 Cisco Configuration Guide and found the following.

show access-lists [number | name]

Displays the contents of one or all current IP and MAC address access lists or a specific access list (numbered or named).

show ip access-lists [number | name]

Displays the contents of all current IP access lists or a specific IP access list (numbered or named).

show ip interface interface-id

Displays detailed configuration and status of an interface. If IP is enabled on the interface and ACLs have been applied by using the ip access-group interface configuration command, the access groups are included in the display.

show running-config [interface interface-id]

Displays the contents of the configuration file for the switch or the specified interface, including all configured MAC and IP access lists and which access groups are applied to an interface.

show mac access-group [interface interface-id]

Displays MAC access lists applied to all Layer 2 interfaces or the specified Layer 2 interface.
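
Added example (not part of either post above, and not Cisco's code): a small Python parser that reads the `show authentication sessions interface ... details` output from the question, pulls out the ACL named under "Server Policies", and builds the `show ip access-lists [number | name]` lookup quoted in the reply. It assumes the server-pushed ACL can be displayed by that name; the function names and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample: abridged from the session output in the question above.
SAMPLE = """\
            Interface:  GigabitEthernet4/0/20
          MAC Address:  00e0.c537.9e2d
         IPv4 Address:  10.101.233.78
               Status:  Authorized
               Domain:  DATA
Server Policies:
              ACS ACL:  xACSACLx-IP-IGEL-ACL-5297633a
Method status list:
       Method           State
       dot1x            Authc Success
       mab              Stopped
"""

# "Key:  value" lines only; section headers such as "Server Policies:" have no value.
FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+?):\s+(\S.*?)\s*$")

def parse_session(text):
    """Return the 'Key:  value' fields of one session-details block as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields

def audit_session(text):
    """Summarise a session and name the follow-up command that shows its ACL."""
    f = parse_session(text)
    acl = f.get("ACS ACL")
    result = {
        "interface": f.get("Interface"),
        "host": f.get("IPv4 Address"),
        "status": f.get("Status"),
        "acl": acl,
        # Assumption: the ACL is viewable by name with the command from the reply.
        "next_command": f"show ip access-lists {acl}" if acl else None,
        "finding": None,
    }
    if f.get("Status") == "Authorized" and not acl:
        result["finding"] = "authorized session has no server-pushed ACL"
    return result
```

Running `audit_session` over the captured output of each access port gives a quick list of authorized sessions that have no ACL attached, which is the failure the question describes having seen before.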
