cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
38934
Views
17
Helpful
6
Replies

how to know on what interface is the accesslist applied

Majed Zouhairy
Level 1
Level 1

Hello,

I have a named access-list applied to some interface. I know the name of the access list but i do not know on what interface it is applied.there are lots of access-list on the 6500 switch so i'd rather not go guessing on what interface it is applied.

my imagination let me come out with the command:

sh run | section ip access-group WORD

but this does not begin with the interface name it only shows the next interface.

does any one know of a command to know where the access list is applied?

6 Replies 6

Wantser1981_2
Level 1
Level 1

You could try:

show ip interface | include line protocol | WORD

WORD = your access list name.

This will list all the IP interfaces, but also the lines below directly under the interfaces they are assigned to.

Outgoing access list is WORD

Inbound access list is WORD

ACL's can be used elsewhere obviously, but this might give you an idea of the L3 interfaces to which it is applied.

Andy

well it works but i have to list over quite a big list and the only other alternative mentioned on another site is:

sh run | I interface|access-group

which also shows a long list to search at.

anyway thanks for the help.

Hi,

what about

sh run linenum | beg access-group WORD

?

That would give you the number of config line where the ACL is applied.

Let's say you get the line number 1170  from this output.

So the interface name should be visible just several lines before that line!

So sh run linenum | beg 1160 :

should show you the desired interface name.

Best regards,

Milan

it's funny my wife's family was Kulik

but on the 6500 l3 switch there is no such command:

switch#sh run ?

  all        Configuration with defaults

  brief      configuration without certificate data

  full       full configuration

  identity   Show identity profile/policy information

  interface  Show interface configuration

  map-class  Show map class information

  module     Show module configuration

  partition  Configuration corresponding a partition

  view       View options

  vlan       Show L2 VLAN information

  vrf        Show VRF aware configuration

  |          Output modifiers

 

but thanks for the effort

Hi,

hopefully in some next IOS version...

In that case, I see only one possibility:

Download the config to your PC and use some handy file editor to search.

Or capture the output of

sh run | I interface|access-group

save it as a text file and again use some file editor.

Best regards,

Milan

You may try

 

show run access-group

 

Thanks,

Jagjeet

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: