28-22
Catalyst 2960 Switch SoftwareConfiguration Guide
78-16881-01
Chapter28 Configuring Network Security with ACLs
Displaying IPv4 ACL Configuration
After receiving a packet, the switch checks it against the inbound ACL. If the ACL permits it, the switch
continues to process the packet. If the ACL rejects the packet, the switch discards it. When yo u apply an
undefined ACL to an interface, the switch acts as if the ACL has not been applied and permits all packets.
Remember this behavior if you use undefined ACLs for network security.
Displaying IPv4 ACL Configuration
You can display the ACLs that are configured on the switch, and you can display the ACLs that have
been applied to interfaces.
When you use the ip access-group interface configuration command to apply ACLs to a Layer 2
interface, you can display the access groups on the interface. You can also display the MAC ACLs
applied to a Layer 2 interface. You can use the privileged EXEC commands as described in Table28-2
to display this information.
Table28-2 Commands for Displaying Access Lists and Access Groups
Command Purpose
show access-lists [number | name] Display the contents of one or all current IP and MAC address access lists
or a specific access list (numbered or named).
show ip access-lists [number | name] Display the contents of all current IP access lists or a specific IP access list
(numbered or named).
show running-config [interface interface-id] Displays the contents of the configuration file for the switch or the
specified interface, including all configured MAC and IP access lists and
which access groups are applied to an interface.
show mac access-group [interface interface-id] Displays MAC access lists applied to all Layer 2 interfaces or the specified
Layer 2 interface.