Purpose
Command or Action
Returns to privileged EXEC mode.
end
Example:
Switch(config)#
end
Step 6
Monitoring IPv4 ACLs
You can monitor IPv4 ACLs by displaying the ACLs that are configured on the switch, and displaying the
ACLs that have been applied to interfaces and VLANs.
When you use the
ip access-group
interface configuration command to apply ACLs to a Layer 2 or 3 interface,
you can display the access groups on the interface. You can also display the MAC ACLs applied to a Layer
2 interface. You can use the privileged EXEC commands as described in this table to display this information.
Table 18: Commands for Displaying Access Lists and Access Groups
Purpose
Command
Displays the contents of one or all current IP and MAC address
access lists or a specific access list (numbered or named).
show access-lists
[
number
|
name
]
Displays the contents of all current IP access lists or a specific
IP access list (numbered or named).
show ip access-lists
[
number
|
name
]
Displays detailed configuration and status of an interface. If IP
is enabled on the interface and ACLs have been applied by using
the
ip access-group
interface configuration command, the access
groups are included in the display.
show ip interface interface-id
Displays the contents of the configuration file for the switch or
the specified interface, including all configured MAC and IP
access lists and which access groups are applied to an interface.
show running-config
[
interface
interface-id
]
Displays MAC access lists applied to all Layer 2 interfaces or
the specified
Layer 2 interface.
show mac access-group
[
interface
interface-id
]
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29048-01
179
Configuring IPv4 ACLs
Monitoring IPv4 ACLs