dsterling
asked on
Cisco: find all interfaces with an access-list applied and only those interfaces:
I currently use the following command (see below), but it displays all interfaces, even if they are not using an access list or if they are down. I’m looking for a command that will display only the interfaces that have an access-list applied and not include any interfaces that don’t have an access-list applied.
Current command I use:
show ip interface | i line|list
It takes a long time to sort through; I need a command that is more precise.
Thank you,
Is this PIX or IOS?
Hi,
If you simply need to identify the interface names as opposed to their individual configurations (assuming ASA/PIX):
sh run access-group
This will return the lines in the configuration that bind the access group to an interface. For example, if you have two access lists called outside-in and inside-in and they are bound to two interfaces called outside and inside respectively, the above command would return:
access-group outside-in in interface outside
access-group inside-in in interface inside
Obviously this example is a simple configuration; however, if you had multiple interfaces/subinterfaces with multiple access lists, it would return more lines.
Hope this helps.
ASKER
Daniel Sheppard: It's IOS and NX-OS that I'm referring to.
James Hood: This command can be useful, but I'm looking for something that shows the interface and access list applied to that interface. The command I'm using "show ip interface | i line|list" gives me the information on interfaces and applied access-list, but it gives me information on all interfaces whether or not an access-list is applied.
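One way to get the view the asker describes is to post-process saved output of "show ip interface | i line|list" offline and keep only interfaces with an ACL set. This is an added example, not part of the thread and not the accepted solution; the sample output is constructed, the line formats are assumed to be classic IOS (NX-OS output is laid out differently), and the function name and include_down switch are hypothetical.

```python
import re

# Constructed sample of IOS "show ip interface | i line|list" output (not from the thread).
SAMPLE = """\
GigabitEthernet0/0 is up, line protocol is up
  Outgoing access list is not set
  Inbound  access list is OUTSIDE-IN
GigabitEthernet0/1 is up, line protocol is up
  Outgoing access list is not set
  Inbound  access list is not set
GigabitEthernet0/2 is administratively down, line protocol is down
  Outgoing access list is 110
  Inbound  access list is not set
Vlan10 is up, line protocol is up
  Outgoing Common access list is not set
  Outgoing access list is 120
  Inbound Common access list is not set
  Inbound  access list is 101
"""

# Assumed IOS formats: an unindented interface status line, then indented ACL lines.
IFACE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)")
ACL = re.compile(r"^\s+(Outgoing|Inbound)\s+(Common\s+)?access list is (.+?)\s*$")

def interfaces_with_acls(text, include_down=True):
    """Return {interface: {direction: acl}} for interfaces with at least one ACL set."""
    result, current, skip = {}, None, False
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)
            # Optionally ignore interfaces whose line protocol is not up.
            skip = not include_down and m.group(3) != "up"
            continue
        m = ACL.match(line)
        if not m or current is None or skip or m.group(3) == "not set":
            continue
        direction = m.group(1).lower() + (" common" if m.group(2) else "")
        result.setdefault(current, {})[direction] = m.group(3)
    return result

if __name__ == "__main__":
    for name, acls in interfaces_with_acls(SAMPLE).items():
        print(name, ", ".join(f"{d}: {a}" for d, a in sorted(acls.items())))
```

Keeping down interfaces in the default report is deliberate for an audit: an ACL bound to a shut interface takes effect as soon as the interface is enabled.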