cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17446
Views
25
Helpful
4
Replies

How to verify an ACL is used or not in IOS

PETER BUZA
Level 1
Level 1

Hi Guys,

Do you know that there is a command or tricky way to check whether an access-list (e.g access-list 1) is used by any route-map, interface, etc in the configuration?

I have Catalyst 6509s with IOS version 12.2(18)SXF7

Thank you in advance.

BR, Peter
1 Accepted Solution

Accepted Solutions

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

View solution in original post

4 Replies 4

There is no such built-in command. But you can use pipe and filters to find where acls are applied. For exaple the command will show you acls on interfaces:

show ip interface | include is up|is administratively|is down|Outgoing|Inbound 

Hi Alexey,

Yeah, I was really interested in whether a built-in command exists for this or not. But if not, then I need to stay using the pipe. ;-)

Thank you.

Peter

BR, Peter

But be aware that an ACL doesn't need to be applied in the config to be used. An ACL that is only configured could still be referenced by an AAA-Server, for example when you use any kind of authentication (like 802.1x or auth-proxy).

Mark Malone
VIP Alumni
VIP Alumni

Hey you should see hits on the acl if you do a show access-list x to see if its taking hits and is in use

in the route-map itself under the running-config it should show something like match ip address 1 or under the interface shoulkkd be ip access-group 1

Standard IP access list 5
    250 permit 172.19.249.77
    10 permit 172.19.154.53 (915189 matches)

Review Cisco Networking for a $25 gift card