Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1663
Views
0
Helpful
0
Comments

Using ACLs to verify a traffic flow

Collin Clark
VIP Alumni
VIP Alumni

‎09-18-2009 11:56 AM - edited ‎03-01-2019 04:24 PM

Creating and applying an access list to interface can verify if traffic is making to or from a source/destination. In the following example I want to see if HTTP traffic is making to the subnet where my HTTP server is. First I create an access list.

access-list 100 deny tcp any any eq 0
access-list 100 deny udp any any eq 0
access-list 100 permit tcp host 192.x.y.z host 10.a.b.c eq 80 log

access-list 100 permit ip any any

Next apply the access list to the interface.

ip access-group 100 in

Now we send some traffic and then check the logs and the access list.

show log

%SEC-6-IPACCESSLOGP: list 100 permit tcp 192.x.y.z(30430) -> 10.a.b.c(80), 1 packet

show access-list 100

30 permit tcp any host 192.x.y.z host 10.a.b.c eq 80 log (4 matches)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card