
Displaying ACL Information, Displaying ACLs – IBM 12.1(22)EA6 User Manual


Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 22 Configuring Network Security with ACLs


This example shows how to apply access list 2 on an interface to filter packets entering the interface:

Switch(config)# interface gigabitethernet0/20
Switch(config-if)# ip access-group 2 in

Note

The ip access-group interface configuration command is only valid when applied to a management
interface or a Layer 2 physical interface. ACLs cannot be applied to interface port-channels.

For inbound ACLs, after receiving a packet, the switch checks the packet against the ACL. If the ACL
permits the packet, the switch continues to process the packet. If the ACL rejects the packet, the switch
discards the packet.

When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied
to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network
security.
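Because an undefined ACL silently permits all packets, a saved configuration can be checked for ip access-group bindings that name an ACL with no definition. The following Python script is an added example, not part of the Cisco guide; the sample configuration, interface names, ACL names and the function name find_undefined_acl_bindings are constructed for illustration, and a numbered ACL entry or a named ACL header is assumed to count as a definition.

```python
import re

# Constructed sample running-config (illustrative, not from the manual).
SAMPLE_CONFIG = """\
access-list 2 permit 172.20.10.10
ip access-list extended mgmt-in
 permit tcp any any eq 22
!
interface GigabitEthernet0/17
 ip access-group mgmt-in in
!
interface GigabitEthernet0/18
 ip access-group 12 in
!
interface GigabitEthernet0/19
 ip access-group blocklist in
!
interface GigabitEthernet0/20
 ip access-group 2 in
"""

ACL_NUMBERED = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b")
ACL_NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
INTERFACE = re.compile(r"^interface\s+(\S+)")
ACCESS_GROUP = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b")


def find_undefined_acl_bindings(config_text):
    """Return (interface, acl, direction) for each ip access-group that
    names an ACL with no definition anywhere in config_text (definitions
    that appear after the interface block still count)."""
    defined, bindings, current_if = set(), [], None
    for line in config_text.splitlines():
        acl = ACL_NUMBERED.match(line) or ACL_NAMED.match(line)
        if acl:
            defined.add(acl.group(1))
        if line and not line[0].isspace():
            intf = INTERFACE.match(line)
            current_if = intf.group(1) if intf else None
            continue  # top-level line: an interface block starts or ends
        group = ACCESS_GROUP.match(line)
        if group and current_if:
            bindings.append((current_if, group.group(1), group.group(2)))
    return [b for b in bindings if b[1] not in defined]


if __name__ == "__main__":
    for intf, acl, direction in find_undefined_acl_bindings(SAMPLE_CONFIG):
        print(f"{intf}: ACL {acl} ({direction}) is undefined; all packets are permitted")
```

Run it against the text of show running-config saved to a file; each reported interface is one where the switch behaves as if no ACL were applied.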

Displaying ACL Information

You can display the ACLs that are configured on the switch, and you can display the ACLs that have
been applied to physical and management interfaces. This section consists of these topics:

Displaying ACLs

Displaying Access Groups

Displaying ACLs

You can display existing ACLs by using show commands.

Beginning in privileged EXEC mode, follow these steps to display access lists:

         Command                                Purpose
Step 1   show access-lists [number | name]      Show information about all IP and MAC address access
                                                lists or about a specific access list (numbered or named).
Step 2   show ip access-list [number | name]    Show information about all IP address access lists or
                                                about a specific IP ACL (numbered or named).

This example shows all standard and extended ACLs:

Switch# show access-lists
Standard IP access list 1
    permit 172.20.10.10
Standard IP ACL 10
    permit 12.12.12.12
Standard IP access list 12
    deny 1.3.3.2

         Command                                Purpose
Step 5   show running-config                    Display the access list configuration.
Step 6   copy running-config startup-config     (Optional) Save your entries in the configuration file.