Initial Troubleshooting Checklist
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Initial Troubleshooting Checklist
Begin troubleshooting IP-ACLs by checking the following issues:
Checklist
Verify licensing requirements. See Cisco MDS 9000 Family Fabric Manager
Configuration Guide.
Verify that the access list has been applied to the interface.
Verify that the access list is not empty.
Verify the order of the rules in the access list.
Common Troubleshooting Tools in Fabric Manager
Choose Switches > Security > IP ACL to access IP-ACL configuration.
Common Troubleshooting Commands in the CLI
The following commands may be useful in troubleshooting IP-ACL issues:
•
•
•
•
IP-ACL Issues
This section describes troubleshooting ACLs and includes the following topics:
•
•
•
•
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
21-4
show ip access-list
show ipv6 access-list
show interface
Use the log-deny option at the end of a filter condition to log information about packets that match
dropped entries. The log output displays the ACL number, permit or deny status, and port
information. Use the following CLI commands to ensure that the debug messages are logged to the
logfile for the kernel and ipacl facilities:
–
logging logfile SyslogFile 7
logging level kernel 7
–
logging level ipacl 7
–
All Packets Are Blocked, page 21-5
No Packets Are Blocked, page 21-7
PortChannel Not Working with ACL, page 21-8
Cannot Remotely Connect to Switch, page 21-8
Chapter 21
Troubleshooting IP Access Lists
Check off
OL-9285-05