Re: ACL testing

dporod · ‎05-06-2009

Is anyone aware of a command in 3750 IOS that would allow testing packet flow though ACLs? I'm thinking of something that would operate like Packet Tracer in the ASA products.

Thotsaphon Lueangwattanaphong · ‎05-06-2009

Dave,

Do you want to test outbound acls with router/switch generating traffic?

Toshi

dporod · ‎05-06-2009

Just want to test traffice going from one vlan to another through ACLs

Thotsaphon Lueangwattanaphong · ‎05-06-2009

Dave,

You mean, you want to use the switch to test traffic from one vlan to another. Do you mean outbound ACLs? Let's say vlan 10 going to vlan 20. There is an outbound ACL applied on the interface of vlan20. Right? And you are going to test it by using extend ping or something like that on the switch. Right?

Toshi

dporod · ‎05-06-2009

Yes, would like more that just ping, would like to specify the protocol and port along with souce and destination.

Thotsaphon Lueangwattanaphong · ‎05-06-2009

Dave,

First of all, you can test by using the following commands.

We are going to test tcp/80 on host 20.20.20.2 on vlan 20 by using a source address as a gateway of vlan 10.

SW#telnet 20.20.20.2 80 /source-interface vlan 10

The problem is that you want to check/block/petmet it with outbound ACLs on vlan20 (for example). Right?

Toshi

GSA · ‎05-15-2020

cisco IOS access-list verification utility:
https://aclcheck.ru