cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10125
Views
15
Helpful
4
Replies
Highlighted
Beginner

How to verify an ACL is used or not in IOS

Hi Guys,

Do you know that there is a command or tricky way to check whether an access-list (e.g access-list 1) is used by any route-map, interface, etc in the configuration?

I have Catalyst 6509s with IOS version 12.2(18)SXF7

Thank you in advance.

BR, Peter
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

View solution in original post

4 REPLIES 4
Highlighted

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

View solution in original post

Highlighted

Hi Alexey,

Yeah, I was really interested in whether a built-in command exists for this or not. But if not, then I need to stay using the pipe. ;-)

Thank you.

Peter

BR, Peter
Highlighted

But be aware that an ACL doesn't need to be applied in the config to be used. An ACL that is only configured could still be referenced by an AAA-Server, for example when you use any kind of authentication (like 802.1x or auth-proxy).

Highlighted
VIP Mentor

Hey you should see hits on the acl if you do a show access-list x to see if its taking hits and is in use

in the route-map itself under the running-config it should show something like match ip address 1 or under the interface shoulkkd be ip access-group 1

Standard IP access list 5
    250 permit 172.19.249.77
    10 permit 172.19.154.53 (915189 matches)

Content for Community-Ad