cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
13614
Views
25
Helpful
4
Replies

How to verify an ACL is used or not in IOS

PETER BUZA
Beginner
Beginner

Hi Guys,

Do you know that there is a command or tricky way to check whether an access-list (e.g access-list 1) is used by any route-map, interface, etc in the configuration?

I have Catalyst 6509s with IOS version 12.2(18)SXF7

Thank you in advance.

BR, Peter
1 ACCEPTED SOLUTION

Accepted Solutions

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

View solution in original post

4 REPLIES 4

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

Hi Alexey,

Yeah, I was really interested in whether a built-in command exists for this or not. But if not, then I need to stay using the pipe. ;-)

Thank you.

Peter

BR, Peter

But be aware that an ACL doesn't need to be applied in the config to be used. An ACL that is only configured could still be referenced by an AAA-Server, for example when you use any kind of authentication (like 802.1x or auth-proxy).

Mark Malone
Mentor
Mentor

Hey you should see hits on the acl if you do a show access-list x to see if its taking hits and is in use

in the route-map itself under the running-config it should show something like match ip address 1 or under the interface shoulkkd be ip access-group 1

Standard IP access list 5
    250 permit 172.19.249.77
    10 permit 172.19.154.53 (915189 matches)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: