How to know that the access list is working

Tags:
Access Control List
COMMANDS
Networking
Routing and switching
What command can I use to show that the access control list (ACL) is working?

Answer Wiki


You can use the “show ip access-list” command to see how many hits there are.
===============

For more education check out this video on Hardening your Cisco router with IOS ACL’s

You can also use the following command:
sho access-list

Here is the sample output of this command:
MBBM-PRM-3550-AS01#sho access-lists
Standard IP access list 10
10 permit 10.0.0.11 log
20 permit 10.0.0.8 log
30 permit 10.0.0.9 log
40 permit 10.0.0.12 log
50 permit 10.0.0.2 log
60 permit 10.0.0.1 log
70 permit 10.0.0.6 log
80 permit 10.0.0.7 log
90 permit 10.0.0.4 log
100 permit 10.0.0.5 log
110 permit 50.0.0.4 log
120 permit 10.20.0.98 log
130 permit 10.20.0.99 log
140 deny any log
Standard IP access list 11
10 permit 10.0.0.11 log
20 permit 10.0.0.8 log
30 permit 10.0.0.9 log
40 permit 10.0.0.12 log
50 permit 10.0.0.2 log
60 permit 10.0.0.1 log
70 permit 10.0.0.6 log
80 permit 10.0.0.7 log
90 permit 10.0.0.4 log
100 permit 10.0.0.5 log
110 permit 50.0.0.4 log
120 permit 10.20.0.98 log
130 permit 10.20.0.99 log
140 deny any log
Standard IP access list 12
10 permit 10.0.0.11 log
20 permit 10.0.0.8 log
30 permit 10.0.0.9 log
40 permit 10.0.0.12 log
50 permit 10.0.0.2 log
60 permit 10.0.0.1 log
70 permit 10.0.0.6 log
80 permit 10.0.0.7 log (98104 matches)
90 permit 10.0.0.4 log
100 permit 10.0.0.5 log (2418 matches)
110 permit 50.0.0.4 log
120 permit 10.20.0.98 log
130 permit 10.20.0.99 log
140 deny any log
Extended IP access list 102
10 permit tcp host 10.0.0.1 any eq telnet log (236 matches)
20 permit tcp host 10.0.0.2 any eq telnet log
30 permit tcp host 10.0.0.4 any eq telnet log
40 permit tcp host 10.0.0.5 any eq telnet log (4 matches)
50 permit tcp host 10.0.0.6 any eq telnet log
60 permit tcp host 10.0.0.7 any eq telnet log
70 permit tcp host 10.0.0.8 any eq telnet log
80 permit tcp host 10.0.0.9 any eq telnet log
90 permit tcp host 10.0.0.10 any eq telnet log
100 permit tcp host 10.0.0.11 any eq telnet log
110 permit tcp host 10.20.0.98 any eq telnet log
120 permit tcp host 10.20.0.99 any eq telnet log
130 permit tcp host 50.0.0.2 any eq telnet log (4 matches)
140 permit tcp host 50.0.0.4 any eq telnet log
150 permit tcp host 10.50.0.20 any eq telnet log
160 deny ip any any log
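
To turn the match counters in the sample output above into a quick check, the following added example (not part of the original answer) parses "show access-lists" text and reports, per ACL, the total hits, the entries that have never matched, and the hits on deny lines. The function names are hypothetical, and the sample is a shortened excerpt constructed from the output above.

```python
import re

# Constructed sample: a shortened excerpt in the format of the output above.
SAMPLE = """\
Standard IP access list 12
    70 permit 10.0.0.6 log
    80 permit 10.0.0.7 log (98104 matches)
    140 deny any log
Extended IP access list 102
    10 permit tcp host 10.0.0.1 any eq telnet log (236 matches)
    20 permit tcp host 10.0.0.2 any eq telnet log
    160 deny ip any any log
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
# Sequence number, action, rule text, optional "(N matches)" counter.
ENTRY = re.compile(r"^\s*(\d+) (permit|deny) (.*?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_acls(text):
    """Return {acl_name: [(seq, action, rule, matches), ...]}."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = acls.setdefault(header.group(2), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            seq, action, rule, hits = entry.groups()
            # An entry printed without a counter has not matched anything.
            current.append((int(seq), action, rule, int(hits or 0)))
    return acls

def summarize(acls):
    """Per ACL: total hits, sequence numbers with zero hits, hits on deny lines."""
    return {
        name: {
            "total": sum(m for *_, m in entries),
            "unused": [seq for seq, _, _, m in entries if m == 0],
            "deny_hits": sum(m for _, action, _, m in entries if action == "deny"),
        }
        for name, entries in acls.items()
    }

if __name__ == "__main__":
    for name, r in summarize(parse_acls(SAMPLE)).items():
        state = "seeing traffic" if r["total"] else "no matches yet"
        print(f"ACL {name}: {r['total']} hits ({state}); zero-hit entries: {r['unused']}")
```

A zero count does not by itself show that a rule is unnecessary: the ACL may not be applied to any interface or line, or no matching traffic may have arrived since the counters were last cleared.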

Discuss This Question: 1  Reply

 
  • Bhupendra
    You have collected full information about how to see ACLs in routers as well as switches. After entering the command sh access-lists, if matches are being generated in your access-list, it means your access-list is working absolutely fine in the network. You can check it out in your live network. Please be careful if you are going to delete an access-list in your running network. Suppose you want to delete any access-list: please never use the no access-list 102 command. If you do, your entire access-list 102 will be deleted. So please be cautious and use the commands:

    Router(config)#ip access-list extended 102
    Router(config-list)#no 10 permit tcp host 10.0.0.1 any eq telnet log
    Router(config-list)#exit

    Then only that sequence number's entry will be erased and the others will remain as they were. For any further queries and doubts, please write to me at my email ID: bhupendra_singh007@yahoo.co.in

    Thanks & Regards, Bhupendra Singh
