After an ACL has been configured and applied to an interface, use Cisco IOS show commands to verify the configuration. In the figure, the top example shows the Cisco IOS command used to display the contents of all ACLs. The bottom example shows the result of issuing the show ip interface g0/0 command on router R1.
Unlike standard ACLs, extended ACLs do not implement the same internal logic and hashing function. The output and sequence numbers displayed in the show access-lists command output is the order in which the statements were entered. Host entries are not automatically listed prior to range entries.
The show ip interface command is used to verify the ACL on the interface and the direction in which it was applied. The output from this command includes the number or name of the access list and the direction in which the ACL was applied. The capitalized ACL names BROWSING and SURFING stand out in the screen output.
After an ACL configuration has been verified, the next step is to confirm that the ACLs work as planned; blocking and permitting traffic as expected.
The guidelines discussed earlier in this section, suggest that ACLs should be configured on a test network and then implemented on the production network.