对于 Cisco 路由器和交换机,是否有 show 命令或类似命令可以显示 ACL 在哪些物理和逻辑接口上实施以及它应用于哪个方向?
我正在寻找比show run | <some regex>.
显示 ACL 应用于哪些接口的 Cisco 命令
网络工程
思科
转变
路由器
ACL
界面
2021-07-19 14:58:56
4个回答
我认为没有比show interfaces | <some regex>不幸更简单的事情了。
编辑:
从下面的评论中,@ Santino指出了一个更简洁的 RegEx:
show ip interface | include line protocol|access list
到目前为止,我的测试表明这与我下面更长的 RegEx 给出了相同的结果。
我通常使用以下内容来查找应用 ACL 的位置:
show ip interface | include is up|is administratively|is down|Outgoing|Inbound
这为您提供了每个接口,无论状态如何,然后出站和入站 ACL 是什么。例如:
LAB-4510-A#show ip interface | include is up|is administratively|is down|Outgoing|Inbound
Vlan1 is administratively down, line protocol is down
Vlan110 is up, line protocol is up
Outgoing access list is not set
Inbound access list is VENDOR->INTERNET
Vlan140 is administratively down, line protocol is down
Outgoing access list is not set
Inbound access list is not set
Vlan150 is down, line protocol is down
Outgoing access list is not set
Inbound access list is VENDOR->INTERNET
Vlan210 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
FastEthernet1 is administratively down, line protocol is down
Outgoing access list is not set
Inbound access list is not set
GigabitEthernet1/1 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
GigabitEthernet1/2 is down, line protocol is down
Inbound access list is not set
Outgoing access list is not set
对于每个接口,依此类推。
此命令适用于 Cisco 交换机和路由器。请参阅以下 7200 路由器的示例输出:
LAB-7204-A#show ip interface | include is up|is administratively|is down|Outgoing|Inbound
GigabitEthernet0/1 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
FastEthernet0/2 is administratively down, line protocol is down
GigabitEthernet0/2 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
GigabitEthernet0/3 is administratively down, line protocol is down
SSLVPN-VIF0 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
Loopback0 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
Loopback1 is up, line protocol is up
Outgoing access list is not set
Inbound access list is not set
如果你有一个show run | <some regex>你喜欢的命令来显示你需要的信息,你总是可以创建一个别名。
使用此命令的示例:
alias exec shacls sh ip int | inc line protocol|access list is [^ ]+$.
然后你就可以使用alias-name(在这个例子中是 shacls),它和show run | <some regex>
注意:您需要在每个 IOS 设备上执行此操作。ASA 略有不同。
编辑:我不能相信sh ip int | inc line protocol|access list is [^ ]+$那是来自PacketLife IOS Tips。
我早些时候搞砸了这个,发现一个非常简单的正则表达式应该给你你想要的。
店铺 ip int | inc ^[AZ]|访问列表
该列表需要忽略访问冲突行。
我记得是这样的。对我来说最容易记住的最短时间。
sh ip int | i line|list
其它你可能感兴趣的问题