Command Reference

Cisco "show access-lists" Command Explained

show access-lists — displays every ACL on the device with per-line match counters — what your filters are actually catching. Runs in privileged EXEC mode.

Syntax and common variants

VariantPurpose
show access-listsAll ACLs with hit counts
show access-lists 110One ACL
show ip interface gi0/1See which ACL is applied where
clear access-list countersZero the counters for a fresh test

Reading the output

Output / elementMeaning
10 permit tcp … (25 matches)Line number, rule, and how many packets matched
(no matches shown)Line never hit — rule may be shadowed or traffic absent

When to use it

Counters turn ACL debugging from guesswork into evidence: generate test traffic and watch which line increments. A deny climbing when it shouldn't = ordering problem; nothing incrementing = ACL not applied where you think (verify with show ip interface). Browse more in the command reference or practise in the free labs.

Frequently asked questions

Why is my ACL not blocking anything?

Check it's actually applied to the right interface and direction (show ip interface) — a defined-but-unapplied ACL does nothing.

What does the implicit deny mean here?

Every ACL ends with an invisible deny any — traffic matching no line is dropped, and it won't show a counter.

Can I edit one line of a numbered ACL?

With sequence numbers in named/modern syntax yes (ip access-list …); classic numbered ACLs typically need rebuild — another reason to prefer named ACLs.

VS
Vipul Sir — Lead Instructor, Attila Technologies20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.

Want hands-on training?

Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.

Start your networking career with Attila Technologies

Hands-on Cisco training, real lab devices and placement support in Ahmedabad.