Cisco: find all interfaces with an access-list applied and only those interfaces:

Cisco: find all interfaces with an access-list applied:

I currently use the following command (see below), but it displays all interfaces, even if they are not using an access list or if they are down. I’m looking for a command that will display only the interfaces that have access-list applied and not include any interfaces that don’t have access-list applied.

Current command I use:
show ip interface | i line|list

It takes a long time to sort through; I need a command that is more precise.

Thank you,
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:
Is this PIX or IOS?
James HoodAssistant Technical Manager (IT Infrastructure)Commented:
If you simply need to identify the interface names as opposed to their individual configurations (assuming ASA/PIX):

sh run access-group

Open in new window

This will return the lines in the cofiguration that bind the access group to an interface. For example, if you have two access lists called outside-in and inside-in and they are bound to two interfaces called outside and inside respectively the above command would return:

access-group outside-in in interface outside
access-group inside-in in interface inside

Open in new window

Obviously this example is a simple configuration however, if you had multiple interfaces/subinterfaces with multiple access lists it would return more lines.

Hope this helps.
dsterlingAuthor Commented:
Daniel Sheppard : It's IOS and NX-OS that I'm referring too,

James Hood: This command can be useful, but I'm looking for something that shows the interface and access list applied to that interface. The command I'm using "show ip interface | i line|list" give's me the information on interfaces and applied access-list, but it give's me information on all interfaces whether or not an access-list is applied.
Daniel SheppardSenior Network Analyst - Core & PerimeterCommented:

unfortunately, the way piping works is the first pipe is the actual pipe.  The second is a or.  You can't re-pipe to a "exclude" for example, so there will be no way of filtering out the lines where an access list is not set.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.