Access Control List Troubleshooting

1. Determine which switches have ACLs enabled and in what direction the ACL is being applied ( inbound or outbound)
  • Commands: show running-config & show ip interfaces
2. Examine the ACL statements to identify which packets are filtered 
  • Commands: show access-list & show ip access-list
3. Analyze the ACL to predict how the ACL will impact traffic flow

Things to remember
  • ACLs use first-match logic
  • Find which type of ACL is in use standard or extended
  • tcp & udp keywords must be used when checking port numbers
  • ICMP is not considered tcp or udp, rather its own protocol matchable with extended access lists
  • Use an explicit configuration at the end of the ACL to activate counters on ACL violations. 

No comments:

Post a Comment