Cisco Support Community

access list on interface


Have trouble seeing the access lists on interfaces. In previous versions, you could see how the IP access list looked on the respective interface.
But on the new Catalyst 3850 ver 3.2.02 you can only see the access list that is located on each interface, but not how it looks.
Have had problems in the past with the IP access lists not being applied to the respective interface.
Anyone know how I see it?

switch1#sh authentication sessions interface Gi4/0/20 details
            Interface:  GigabitEthernet4/0/20
               IIF-ID:  0x103B1C000001077
          MAC Address:  00e0.c537.9e2d
         IPv6 Address:  Unknown
         IPv4 Address:
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  in
      Session timeout:  28800s (server), Remaining: 28532s
       Timeout action:  Reauthenticate
    Common Session ID:  0AC9F1080007C27169370036
      Acct Session ID:  0x0007DD1A
               Handle:  0x6C000E8A
       Current Policy:  POLICY_Gi4/0/20
Server Policies:
              ACS ACL:  xACSACLx-IP-IGEL-ACL-5297633a
Method status list:
       Method           State
       dot1x            Authc Success
       mab              Stopped

switch1#sh ip access-lists interface Gi4/0/20


On old switch:

switch_2#sh ip access-lists interface Gi1/0/12
     permit icmp host any echo-reply
     permit udp host host eq ntp
     permit udp host any eq bootps
     permit udp host any eq bootpc
     permit udp host any eq domain
     permit tcp host eq smtp
     permit tcp host eq www
     permit tcp host eq 443
     permit tcp host eq 5000
     permit tcp host eq 4070
     permit tcp host any eq 5001
     permit tcp host eq 3269
     permit tcp host eq 3268
     permit tcp host eq 88
     permit udp host eq snmp
     permit udp host eq snmptrap
     permit udp host eq ntp
     permit udp host eq 464
     permit tcp host eq 464
     permit udp host eq 135
     permit tcp host eq 135
     permit tcp host eq 9100
     permit tcp host eq 9100
     permit udp host eq netbios-ns
     permit udp host eq netbios-ns
     permit tcp host eq 139
     permit tcp host eq 445
     permit tcp host any established


access list on interface

I'm not sure if that command is supported or not. I did a quick look at a 3850 Cisco Configuration Guide and found the following.

show access-lists [number | name]

Displays the contents of one or all current IP and MAC address access lists or a specific access list (numbered or named).

show ip access-lists [number | name]

Displays the contents of all current IP access lists or a specific IP access list (numbered or named).

show ip interface interface-id

Displays detailed configuration and status of an interface. If IP is enabled on the interface and ACLs have been applied by using the ip access-group interface configuration command, the access groups are included in the display.

show running-config [interface interface-id]

Displays the contents of the configuration file for the switch or the specified interface, including all configured MAC and IP access lists and which access groups are applied to an interface.

show mac access-group [interface interface-id]

Displays MAC access lists applied to all Layer 2 interfaces or the specified Layer 2 interface.
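
An added example, not part of the original posts or of Cisco's documentation: a small Python parser for the `show authentication sessions ... details` output quoted in the question. It pulls out the server-pushed ACL name, flags an authorized port that has none, and fills in commands from the reply's list. It assumes the switch lists the downloaded ACL under the name shown in the `ACS ACL` field; the function names are hypothetical.

```python
import re

# Constructed sample: trimmed copy of the session output quoted in the question.
SAMPLE = """\
            Interface:  GigabitEthernet4/0/20
          MAC Address:  00e0.c537.9e2d
         IPv4 Address:
               Status:  Authorized
       Current Policy:  POLICY_Gi4/0/20
Server Policies:
              ACS ACL:  xACSACLx-IP-IGEL-ACL-5297633a
Method status list:
       Method           State
       dot1x            Authc Success
       mab              Stopped
"""
FIELD = re.compile(r"^\s*([^:]+?):\s*(.*)$")  # "Key:  value", value may be empty

def parse_session(text):
    """Split the output into plain fields, server policies and method states."""
    out = {"fields": {}, "server_policies": {}, "methods": {}}
    section = "fields"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line.split()[0]:  # blank line or CLI prompt
            continue
        if line == "Server Policies:":
            section = "server_policies"
        elif line == "Method status list:":
            section = "methods"
        elif section == "methods":
            name, _, state = line.partition(" ")
            if name != "Method":  # skip the table header
                out["methods"][name] = state.strip()
        elif (m := FIELD.match(line)):
            out[section][m.group(1)] = m.group(2).strip()
    return out

def missing_acl(session):
    """True when a port is Authorized but the server pushed no ACL name."""
    return (session["fields"].get("Status") == "Authorized"
            and not session["server_policies"].get("ACS ACL"))

def followup_commands(session):
    """Commands from the reply above, filled in for this session."""
    cmds = [f"show running-config interface {session['fields']['Interface']}"]
    acl = session["server_policies"].get("ACS ACL")
    if acl:  # assumption: the switch lists the downloaded ACL under this name
        cmds.insert(0, f"show ip access-lists {acl}")
    return cmds
```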
