ACL different output displayed

I’m trying to figure out why a new subnet can’t get out of our VSS L3 switches.

So I started looking at the ACLs. I found if I run a show ip access-lists and compare that to the access-list section of show run… The listed ACLs are different…

The show ip access-list has a little over 100 lines.

The Access-list section of the show run output has close to half that.

Can someone help me understand the difference?


Hello Aaron

Hmm, that’s interesting. So the show ip access-list command displays more entries than those actually configured in the running configuration? Can you take a look and see what additional entries exist and let us know what type they are? Also, without posting your full output, can you give some examples of some entries that show up with the show ip access-list command that do not appear in the running configuration?

Let us know so we can further help in your troubleshooting activities.


I actually got this from another forum Friday.

show ip access-list will expand any objects to show you all the resultant combinations and permutations of show run | i access-list
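
The expansion described in the last post, as an added example that is not part of the thread: the script below takes a constructed, simplified object-group style configuration and expands each ACL entry into every combination of its groups' members, which is why an expanded listing can be much longer than the configured one. The group names, addresses and ACL name are made up, and nested groups are not handled.

```python
import itertools
import re

# Constructed sample in a simplified object-group style; not taken from the thread.
SAMPLE_CONFIG = """\
object-group network BRANCH-NETS
 10.10.1.0 255.255.255.0
 10.10.2.0 255.255.255.0
object-group network DNS-SERVERS
 host 192.0.2.53
 host 192.0.2.54
ip access-list extended BRANCH-OUT
 permit udp object-group BRANCH-NETS object-group DNS-SERVERS eq 53
 permit tcp object-group BRANCH-NETS any eq 443
 deny ip any any
"""

GROUP_REF = re.compile(r"object-group (\S+)")

def parse(config):
    """Return (groups, aces): group name -> member list, and raw ACL entry lines."""
    groups, aces, current = {}, [], None
    for line in config.splitlines():
        if line.startswith("object-group "):
            current = groups.setdefault(line.split()[2], [])
        elif line.startswith("ip access-list "):
            current = aces
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
    return groups, aces

def expand(ace, groups):
    """Expand one entry into every combination of its groups' members."""
    names = GROUP_REF.findall(ace)
    for name in names:
        if name not in groups:
            raise KeyError(f"undefined object-group: {name}")
    results = []
    for combo in itertools.product(*(groups[n] for n in names)):
        members = iter(combo)  # substitute members left to right
        results.append(GROUP_REF.sub(lambda m: next(members), ace))
    return results

def expand_all(config):
    groups, aces = parse(config)
    return [line for ace in aces for line in expand(ace, groups)]

if __name__ == "__main__":
    print("\n".join(expand_all(SAMPLE_CONFIG)))
```

When comparing the two outputs on a device, diff the expanded list against the configured entries per ACL name, so that a missing permit for a new subnet shows up as a missing group member rather than a missing line.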

