Introduction / Context:
When troubleshooting reachability, you often need to confirm whether an ACL is bound to an interface and whether it is inbound or outbound. Cisco IOS provides several show commands; knowing the one that directly states ACL bindings saves time and avoids misinterpretation of raw ACL lines.
Given Data / Assumptions:
- IPv4 environment on Cisco IOS.
- ACLs may be numbered or named.
- We need to check binding and direction on a specific interface.
Concept / Approach:
show ip interface (or without the interface to list all) displays, among other details, whether an ACL is applied inbound or outbound: for example, “Inbound access list is …” and “Outgoing access list is …”. The generic show access-lists shows ACL contents and counters but not their interface bindings.
Step-by-Step Solution:
Run show ip interface to view ACL binding fields.Confirm the ACL name/number and direction (in/out).Correlate with show access-lists to review specific entries and hit counters.Adjust configuration if the wrong ACL/direction is applied.
Verification / Alternative check:
Checking show running-config interface will also display the ip access-group lines, but show ip interface is quicker for at-a-glance status.
Why Other Options Are Wrong:
- show access-lists: no interface binding shown.
- Other commands listed are not valid IOS commands for this purpose.
Common Pitfalls:
- Looking only at ACL counters without confirming that the ACL is actually applied to the traffic path.
- Forgetting the direction semantics: “in” means packets entering the interface.
Final Answer:
show ip interface
Discussion & Comments