Chapter 21 Troubleshooting Ip Access Lists; Overview; Protocol Information - Cisco 9134 - MDS Multilayer Fabric Switch Troubleshooting Manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Troubleshooting IP Access Lists
This chapter describes how to troubleshoot IPv4 and IPv6 access lists (IP-ACLs) created and maintained
in the Cisco MDS 9000 Family. It includes the following sections:
•
•
•

Overview

IP-ACLs provide basic network security to all switches in the Cisco MDS 9000 Family. IP-ACLs restrict
IP-related traffic based on the configured IP filters. A filter contains the rules to match an IP packet, and
if the packet matches, the rule also stipulates if the packet should be permitted or denied.
Each switch in the Cisco MDS 9000 Family can have a maximum of 64 IP-ACLs and each IP-ACL can
have a maximum of 256 filters.
An IP filter contains rules for matching an IP packet based on the protocol, address, and port. IPv4 filters
can also match on an ICMP type and type of service (ToS).
This section includes the following topics:
•
•
•
•
•

Protocol Information

You can specify the IP protocol in one of two ways:
•
•
OL-9285-05
Overview, page 21-1
Initial Troubleshooting Checklist, page 21-4
IP-ACL Issues, page 21-4
Protocol Information, page 21-1
Address Information, page 21-2
Port Information, page 21-2
ICMP Information, page 21-3
ToS Information, page 21-3
Specify an integer ranging from 0 to 255. This number represents the IP protocol.
Specify the name of a protocol, restricted to Internet Protocol (IP), Transmission Control Protocol
(TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
C H A P T E R
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
21
21-1