Are there any tools that can test an access-list?

MachairXi_2
Level 1

Hi

We have hundreds of access-list lines on a switch. I am just wondering if there is a tool I can use to test whether an added ACL line works, just like the packet-tracer command in ASA.

Thanks.

6 Replies

tobyarnett
Level 1

You could use the nmap utility on a Linux system. It is a port scanning utility. The issue, though, comes from your source IP in the ACL. How would the 'tool' or 'app' mimic the source IP without doing a self-inflicted DoS on your network? The best approach is to write a similar ACL line from a test subnet and run your port scanner to test the ACL line.

-Toby



Hi Toby

Thanks for your reply, but I think nmap isn't the best tool for me. The switch is on a remote site, so I am unable to use nmap for testing.

/Brad

Abzal
Level 7

Hi,

Maybe this will help you:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080a9edd6.shtml

Hope it will help.

Best regards,
Abzal

Jae Hak Kim
Cisco Employee

Hello,

Try this tool!

https://supportforums.cisco.com/document/13067081/access-list-checker

Kind regards,

Jae

https://www.youtube.com/watch?v=G-Pk4mt-3eg

So far, only in Russian.
If it is in demand, I will translate it into English in the future.

Cisco IOS access-list verification tool:
https://aclcheck.ru
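
An offline first-match check of the kind the thread asks about, as an added example that is not part of any post above and not the code of the linked tools. It assumes IPv4 extended entries of the form `permit|deny proto src dst [eq port]`; the sample ACL, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (documentation addresses), not from the thread. The last
# entry stands for a newly appended line whose effect we want to check.
SAMPLE_ACL = """\
ip access-list extended BRANCH-IN
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 443
 deny tcp any host 198.51.100.10
 permit ip 192.0.2.0 0.0.0.255 any
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.10 eq 22
"""

def _addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_acl(text):
    """Parse 'permit|deny proto src dst [eq port]' entries, keeping their order."""
    rules = []
    for line in text.splitlines():
        tok = re.sub(r"^\s*\d+\s+", "", line).split()  # drop optional sequence number
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # header, remark or blank line
        src, rest = _addr(tok[2:])
        dst, rest = _addr(rest)
        if rest and (len(rest) != 2 or rest[0] != "eq"):
            raise ValueError("unsupported ACL syntax: " + " ".join(tok))
        port = int(rest[1]) if rest else None
        rules.append((" ".join(tok), tok[0], tok[1], src, dst, port))
    return rules

def _hit(ip, spec):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def first_match(rules, proto, src, dst, dport=None):
    """Return (action, entry) for the first matching entry, else the implicit deny."""
    for entry, action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and _hit(src, r_src) and _hit(dst, r_dst) \
                and (r_port is None or r_port == dport):
            return action, entry
    return "deny", "implicit deny"
```

With the sample above, `first_match(parse_acl(SAMPLE_ACL), "tcp", "192.0.2.5", "198.51.100.10", 22)` returns the earlier `deny tcp any host 198.51.100.10` entry, showing that the appended port 22 permit is shadowed and never matches.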