I want to add new ACL rules to a Cisco router. I have no previous experience with Cisco.
Many resources about Cisco ACLs have instructions on applying the ACL rules to an interface. But I need to know which ACL rule is already active on an interface, so that I can add new rules to it.
show interfaces
command does not display the ACLs. Which command is used to get the ACLs on an interface?
Edit: this page states
show ip access-list interface tunnel 0
command for displaying ACLs on an interface, but it is usable only on IOS 12.4 and newer. What are my options in an IOS 11.1 router?
Solution: The issue is solved, but I don't know how :) I was told that somebody else™ fixed the issue.
show run
will display the active configuration, including ACLs.
There's no command to do this in one go. You'll need to
show run <interface name>
to get the ACL applying and then
show access-list <whatever>
to see the actual rules.
In trying to learn the current configuration on pretty much any Cisco device,
show run
is normally a good starting point.
Once you have extracted the portion of the running configuration that pertains to the list you're targeting, you can start to figure out what you need to add, remove, or change.
If you're looking for a simple solution to edit an ACL, I highly recommend Garth Evens ACL Editor. It not only will parse out the ACL so it is easy to read, you can also simulate what the ACL will do.
The "proper" way to do this without show run is 'show ip int X/Y'. This will show you all ip related information pertaining to an interface.
If there was an ACL set, it would tell you right here and then you could look at show access-list to look at the actual contents of it.
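An added example, not part of any answer above: a short Python script that does the same two-step lookup offline on saved show run output, pairing each interface's ip access-group binding with the matching numbered access-list lines. The sample configuration is constructed and the function name acls_by_interface is hypothetical; only numbered access-list lines are parsed.

```python
import re
from collections import defaultdict

# Constructed sample of saved `show run` output (not from a real device).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
interface Serial0
 ip address 198.51.100.1 255.255.255.252
 ip access-group 102 out
!
interface Serial1
 no ip address
 shutdown
!
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 deny ip any any
access-list 102 permit ip 192.0.2.0 0.0.0.255 any
"""

def acls_by_interface(config):
    """Map each interface to the ACLs bound to it, with direction and rules."""
    bindings = defaultdict(list)  # interface -> [(acl id, direction)]
    rules = defaultdict(list)     # acl id -> [rule text, in config order]
    current = None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            bindings[current]     # also record interfaces with no ACL
        elif line and not line.startswith(" "):
            current = None        # an unindented line ends the interface block
            if m := re.match(r"access-list (\d+) (.+)", line):
                rules[m.group(1)].append(m.group(2))
        elif current and (m := re.match(r"\s+ip access-group (\S+) (in|out)", line)):
            bindings[current].append((m.group(1), m.group(2)))
    # An ACL that is bound but never defined shows up with an empty rule list.
    return {
        intf: [{"acl": a, "direction": d, "rules": rules.get(a, [])} for a, d in bound]
        for intf, bound in bindings.items()
    }

if __name__ == "__main__":
    for intf, acls in acls_by_interface(SAMPLE_CONFIG).items():
        print(intf, acls or "no ACL applied")
```
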