10.4 Configuring Extended Access Lists
10.4.7 Verifying access-list configurations
Use the following four commands to view previously configured access lists:
  • show access-lists
  • show ip access-lists [access-list-number]
  • clear access-list counters [access-list-number]
  • show line

Use the show access-lists command to display access lists from all protocols. Use the show ip access-lists command to display IP access lists.

The system counts how many packets match each line of an access list; the counters are displayed by the show access-lists command. Use the clear access-list counters command in EXEC mode to clear the counters of an access list.

Use the show line command to display information about terminal lines.
The output from the show ip access-lists command displays the contents of previously defined IP access lists.

For example, consider the following results:

p1r1#show access-lists
Extended IP access list 100
    deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet (3 matches)
    deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
    permit ip any any (629 matches)

Notice that three packets have matched the filter defined for Telnet sessions and 629 packets have been allowed to pass through.
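
The counters can also be read by a script when reviewing many routers. The following is an added example, not part of the original course text: it parses saved show access-lists output like the sample above and reports denied and permitted totals plus entries that have never matched. The function names are hypothetical, the sample text is constructed from the output shown above, and the parser also tolerates the leading sequence numbers and the singular "(1 match)" form that IOS can print.

```python
import re

# Constructed sample: the output shown above, saved as text.
SAMPLE = """\
Extended IP access list 100
    deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet (3 matches)
    deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
    permit ip any any (629 matches)
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
# Optional sequence number, action, rule text, optional "(N matches)" suffix.
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


def parse_acl_counters(text):
    """Return {acl_name: [(action, rule, matches), ...]} in list order."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(2), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            action, rule, count = entry.groups()
            # No "(N matches)" suffix means the entry has not been hit
            # since the counters were last cleared.
            current.append((action, rule, int(count) if count else 0))
    return acls


def summarize(entries):
    """Total denied and permitted packets, plus entries never matched."""
    denied = sum(n for a, _, n in entries if a == "deny")
    permitted = sum(n for a, _, n in entries if a == "permit")
    unused = [f"{a} {r}" for a, r, n in entries if n == 0]
    return {"denied": denied, "permitted": permitted, "unused": unused}


if __name__ == "__main__":
    for name, entries in parse_acl_counters(SAMPLE).items():
        print(name, summarize(entries))
```

An entry listed under "unused" has no recorded matches since the last clear access-list counters, which is worth checking before concluding that the line is unnecessary.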

Access lists have overhead, especially if the list is long and is placed on busy backbone routers. Such access lists could become performance concerns. Although the underlying technology of access-list processing is efficient, in a few cases an alternative can be used to avoid access lists altogether. The next section covers such an alternative.