How to troubleshoot ACLs

ashok_boin
Level 5

Hi,

Let's take a simple scenario...

A - R1 - R2 - R3 ... - Rn - B

A is a client and B is a server and Rx are Cisco routers in between.

Assuming that we have received a complaint just like this.

A is not able to connect to server B on port UDP/1400 but is able to ping it.

There are ACLs on each and every router along the path. So, in this case, how can we quickly analyze (without going router by router to check manually) where the packets are being dropped, and on which router?

I have ruled out the options of using extended ping or telnet with the source-interface option, as I can't use them perfectly to test the communication between source A and destination B, except on the edge routers.

I would like to know a tip or any networking tool which tells us about the router where packets are dropping.

Thanks in advance..

Regards...

-Ashok.


With best regards...
Ashok
2 Replies

dgahm
Level 8

You could configure all routers to log all dropped packets to a syslog server, then search the log for the address you are troubleshooting.

You will need an explicit deny any at the end of your ACLs.

access-list 150 deny ip any any log

logging 10.1.1.1 (address of syslog server)
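The "search the log" step above is the part that actually pinpoints the router, so here is an added example of doing it programmatically; this is not code from the thread or from Cisco. It parses the %SEC-6-IPACCESSLOGP messages that an ACL entry with the `log` keyword emits for TCP/UDP traffic, takes the router name from the syslog server's line header, and sums the denied packet counts per router and ACL for the flow being investigated (A = 10.0.0.10, B = 10.0.1.20, UDP/1400 in the constructed sample). The header layout "Mon DD HH:MM:SS <router> <message>", the hostnames and the addresses are assumptions for the example.

```python
import re
from collections import Counter

# Regex for the IOS message an ACL entry with the "log" keyword emits for
# TCP/UDP traffic, e.g.
#   %SEC-6-IPACCESSLOGP: list 150 denied udp 10.0.0.10(51000) -> 10.0.1.20(1400), 1 packet
# With "log-input" IOS inserts "(<ingress-interface> <source-mac>)" after the
# source; that group is optional here. ICMP uses IPACCESSLOGDP and other IP
# protocols IPACCESSLOGNP, which have different shapes and are not parsed.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<ifname>\S+) (?P<mac>[0-9a-f.]+)\))?"
    r" -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Shape of a line as written by the syslog server: "Mon DD HH:MM:SS <router> <rest>".
# The router name is taken from this header, not from the message body. This
# header layout is an assumption (rsyslog, syslog-ng etc. differ); adjust it.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<router>\S+)\s+(?P<msg>.*)$"
)

# Constructed sample log for the scenario in the thread: A = 10.0.0.10,
# B = 10.0.1.20, UDP/1400. R1 has a logged permit, R2 denies the flow twice
# (IOS logs the first packet, then a summary roughly every 5 minutes),
# R3 logs an unrelated flow (log-input form) and a non-ACL message.
SAMPLE_LOG = [
    "Jan 12 10:15:33 R1 101: *Jan 12 10:15:32.101: %SEC-6-IPACCESSLOGP: list 150 permitted udp 10.0.0.10(51000) -> 10.0.1.20(1400), 1 packet",
    "Jan 12 10:15:33 R2 88: *Jan 12 10:15:32.412: %SEC-6-IPACCESSLOGP: list 150 denied udp 10.0.0.10(51000) -> 10.0.1.20(1400), 1 packet",
    "Jan 12 10:20:33 R2 89: *Jan 12 10:20:32.900: %SEC-6-IPACCESSLOGP: list 150 denied udp 10.0.0.10(51000) -> 10.0.1.20(1400), 12 packets",
    "Jan 12 10:15:40 R3 57: *Jan 12 10:15:39.001: %SEC-6-IPACCESSLOGP: list 120 denied tcp 10.0.0.77(40000) (FastEthernet0/0 0011.2233.4455) -> 10.0.1.20(23), 1 packet",
    "Jan 12 10:16:01 R3 58: *Jan 12 10:16:00.500: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up",
]


def parse_line(line):
    """Return a dict for an ACL log line, or None if the line is not one."""
    hdr = SYSLOG_RE.match(line)
    if not hdr:
        return None
    body = ACL_LOG_RE.search(hdr.group("msg"))
    if not body:
        return None
    rec = body.groupdict()
    rec["router"] = hdr.group("router")
    rec["ts"] = hdr.group("ts")
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def find_drops(lines, src, dst, proto=None, dport=None):
    """Denied entries for the flow src -> dst, optionally narrowed by protocol and port."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "denied":
            continue
        if rec["src"] != src or rec["dst"] != dst:
            continue
        if proto is not None and rec["proto"] != proto.lower():
            continue
        if dport is not None and rec["dport"] != dport:
            continue
        hits.append(rec)
    return hits


def drops_by_router(hits):
    """Sum denied packet counts per (router, ACL) so the dropping hop stands out."""
    totals = Counter()
    for rec in hits:
        totals[(rec["router"], rec["acl"])] += rec["count"]
    return dict(totals)


if __name__ == "__main__":
    hits = find_drops(SAMPLE_LOG, "10.0.0.10", "10.0.1.20", proto="udp", dport=1400)
    for (router, acl), n in sorted(drops_by_router(hits).items(), key=lambda kv: -kv[1]):
        print(f"{router}: ACL {acl} dropped {n} packet(s) of the flow")
```

Two practical caveats on the logging itself: an explicit `deny ip any any log` does not change policy (it matches exactly what the implicit deny would have dropped), but every logged packet is punted to the route processor, so enable it for the duration of the troubleshooting rather than permanently, and use `logging rate-limit` and `ip access-list logging interval` where the platform supports them. Using `log-input` instead of `log` adds the ingress interface and source MAC to the message, which the optional group in the regex above picks up. Note also that the ping in the original question, being ICMP, is reported with IPACCESSLOGDP messages, which this parser deliberately ignores.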

The suggestion is excellent. Thank you very much.

I feel it is a very daunting task to add this entry on each inbound and outbound interface of the routers (e.g. 12 routers).


With best regards...
Ashok