We have hundreds of access-list lines on a switch. I was just wondering if there is a tool I can use to test whether an added ACL line works, just like the packet-tracer command on the ASA.
You could use the nmap utility on a Linux system. It is a port-scanning utility. The issue, though, comes from your source IP in the ACL. How would the 'tool' or 'app' mimic the source IP without causing a self-inflicted DoS on your network? The best approach is to write a similar ACL line from a test subnet and run your port scanner to test the ACL line.
Sent from Cisco Technical Support Android App
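An added example, not from the thread or from any Cisco tool: the switch has no packet-tracer, but first-match evaluation of an extended ACL against a 5-tuple can be emulated offline from a copy of the running-config, which is enough to answer "does my new line match, or does an earlier line shadow it?" before scanning anything. The ACL below is constructed for illustration; the parser handles only a subset of IOS syntax (permit/deny of ip, tcp, udp, icmp; any / host / address-wildcard; eq, gt, lt, range port operators; trailing log) and rejects anything else, and it says nothing about how a given platform compiles the ACL into hardware.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortRange = Optional[Tuple[int, int]]   # None means "any port"
ACTIONS, PROTOS = {"permit", "deny"}, {"ip", "tcp", "udp", "icmp"}


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    sport: PortRange
    dst: ipaddress.IPv4Network
    dport: PortRange
    text: str                            # original line, kept for reporting


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """'10.1.0.0 0.0.255.255' -> 10.1.0.0/16. Only contiguous wildcards are supported."""
    wild = int(ipaddress.IPv4Address(wildcard))
    if wild != (1 << wild.bit_length()) - 1:
        raise ValueError(f"non-contiguous wildcard not supported: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wild.bit_length()}", strict=False)


def _parse_addr(tok: List[str], i: int):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(f"{tok[i + 1]}/32"), i + 2
    return _wildcard_to_network(tok[i], tok[i + 1]), i + 2


def _parse_ports(tok: List[str], i: int) -> Tuple[PortRange, int]:
    """Parse an optional eq/gt/lt/range operator at tok[i]; None if absent."""
    op = tok[i] if i < len(tok) else None
    if op == "eq":
        return (int(tok[i + 1]), int(tok[i + 1])), i + 2
    if op == "gt":
        return (int(tok[i + 1]) + 1, 65535), i + 2
    if op == "lt":
        return (0, int(tok[i + 1]) - 1), i + 2
    if op == "range":
        return (int(tok[i + 1]), int(tok[i + 2])), i + 3
    return None, i


def parse_acl(text: str) -> List[Entry]:
    """Parse extended-ACL lines; unnumbered lines get 10, 20, ... like IOS does."""
    entries, next_seq = [], 10
    for raw in text.strip().splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            continue
        seq = int(tok.pop(0)) if tok[0].isdigit() else next_seq
        next_seq = seq + 10
        action, proto = tok[0], tok[1]
        if action not in ACTIONS or proto not in PROTOS:
            raise ValueError(f"unsupported line: {raw}")
        src, i = _parse_addr(tok, 2)
        sport, i = _parse_ports(tok, i)
        dst, i = _parse_addr(tok, i)
        dport, i = _parse_ports(tok, i)
        rest = [t for t in tok[i:] if t not in ("log", "log-input")]
        if rest:                          # established, object-group, icmp types, ...
            raise ValueError(f"unsupported keywords {rest} in: {raw}")
        entries.append(Entry(seq, action, proto, src, sport, dst, dport, raw.strip()))
    return entries


def _port_ok(rng: PortRange, port: Optional[int]) -> bool:
    return rng is None or (port is not None and rng[0] <= port <= rng[1])


def matches(e: Entry, p: Packet) -> bool:
    return ((e.proto == "ip" or e.proto == p.proto)
            and ipaddress.IPv4Address(p.src) in e.src
            and ipaddress.IPv4Address(p.dst) in e.dst
            and _port_ok(e.sport, p.sport) and _port_ok(e.dport, p.dport))


def evaluate(entries: List[Entry], pkt: Packet):
    """First match wins; falling off the end hits the implicit deny."""
    for e in entries:
        if matches(e, pkt):
            return e.seq, e.action, e.text
    return None, "deny", "implicit deny ip any any"


def verify(entries: List[Entry], cases):
    """(packet, expected action) pairs; returns the ones the ACL gets wrong."""
    failures = []
    for pkt, expected in cases:
        seq, action, text = evaluate(entries, pkt)
        if action != expected:
            failures.append((pkt, expected, seq, text))
    return failures


# Constructed sample ACL (not from the thread). Line 30 is the "newly added" SSH
# permit; line 20 shadows it for sources in 10.1.5.0/24.
SAMPLE_ACL = """
10 permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 443
20 deny tcp 10.1.5.0 0.0.0.255 any eq 22 log
30 permit tcp any 10.1.0.0 0.0.255.255 eq 22
40 permit udp host 10.1.5.9 192.0.2.0 0.0.0.255 range 1024 65535
50 deny ip any any
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    cases = [
        (Packet("tcp", "10.1.9.9", "10.1.7.7", 40000, 22), "permit"),
        (Packet("tcp", "10.1.5.9", "10.1.7.7", 40000, 22), "permit"),   # shadowed by 20
    ]
    for pkt, expected, seq, text in verify(acl, cases):
        print(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}: "
              f"expected {expected}, matched line {seq}: {text}")
```

Paste the `ip access-list extended` body from `show running-config` into `SAMPLE_ACL`, describe the flows the new line is meant to permit or deny as `(Packet, expected)` cases, and `verify` reports which flows hit a different line than intended. It only models the ordering logic, so a clean run is a reason to proceed to the test-subnet scan the reply above suggests, not a substitute for it.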
Thanks for your reply, but I think nmap isn't the best tool for me; the switch is at a remote site, so I am unable to use nmap for testing.
Maybe this will help you.
Hope it will help.