Verifying ACLs applied to a specific interface: With limited privilege preventing “show running-config,” which command displays whether inbound/outbound IP access lists are applied on interface Ethernet0?
-
Ashow access-lists
-
Bshow interface Ethernet 0
-
Cshow ip access-lists
-
Dshow ip interface Ethernet 0
Answer
Correct Answer: show ip interface Ethernet 0
Explanation
Introduction / Context:When troubleshooting packet filtering, you often need to confirm not just the contents of the ACL, but whether that ACL is actually bound to an interface and in which direction. Cisco IOS provides an interface-centric command that clearly reports the attached inbound and outbound ACLs.
Given Data / Assumptions:
- Access to show running-config is restricted by privilege levels.
- You can use standard show commands.
- Target interface is Ethernet0.
Concept / Approach:
show ip interface
Step-by-Step Solution:
Issue: show ip interface Ethernet 0Locate the lines indicating inbound/outbound ACLs.If needed, then run: show access-listsVerification / Alternative check:
Remove the ACL from the interface (if permitted) and rerun the command; the lines will change to “not set,” confirming that the command reflects actual bindings.
Why Other Options Are Wrong:
A and C list ACL contents globally, not interface bindings.
B shows operational statistics but typically does not include the ACL attachment lines.
Common Pitfalls:
Confusing ACL contents with ACL application; forgetting directionality (in vs out) when interpreting results; assuming that an ACL exists means it is applied.
Final Answer:
show ip interface Ethernet 0