ACL Troubleshooting - Edge-Core ES4626 User Manual

L3 gigabit ethernet switch
Switch#show access-lists
access-list 110(used 1 time(s))
access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21
Switch#show access-group interface ethernet 1/10
interface name:Ethernet1/10
the ingress acl use in firewall is 110.
22.4 ACL Troubleshooting
ACL entries are checked in top-down order, and checking ends as soon as an entry is matched.
The default rule is used only if no ACL is bound to the specific direction of the port, or no ACL entry is matched.
Applies to IP packets incoming on all ports, and has no effect on other types of packets.
One port can be bound to only one incoming ACL.
The number of ACLs that can be successfully bound depends on the content of the bound ACLs and the hardware resource limit. Users will be prompted if an ACL cannot be bound due to hardware resource limitations.
If an access-list contains entries with the same filtering information but conflicting actions, binding to the port will fail with an error message. For instance, configuring "permit tcp any-source any-destination" and "deny tcp any-source any-destination" at the same time is not permitted.
Viruses such as "worm.blaster" can be blocked by configuring an ACL to block specific ICMP packets or packets for specific TCP or UDP ports.
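The following offline checker is an added example, not code from the manual or from Edge-Core. It applies the first-match and conflicting-action rules above to a rule list before it is bound to a port. The parser handles only the rule forms quoted on this page, and the `default` argument is an assumed stand-in for the switch's default rule.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
# Constructed sample rules, using only the rule forms quoted on this page.
SAMPLE_ACL = [
    "access-list 110 deny tcp 10.0.0.0 0.0.0.255 any-destination d-port 21",
    "access-list 110 permit tcp any-source any-destination",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse(line):
    """Parse 'access-list <num> <action> <proto> <src> <dst> [d-port <n>]'."""
    action, proto, *tok = line.split()[2:]      # drop 'access-list <num>'
    def addr(any_keyword):
        if tok[0] == any_keyword:
            tok.pop(0)
            return (0, MASK32)                  # every bit is "don't care"
        base, wild = _ip(tok.pop(0)), _ip(tok.pop(0))
        return (base & ~wild & MASK32, wild)    # normalise so equal filters compare equal
    src, dst = addr("any-source"), addr("any-destination")
    dport = int(tok[1]) if tok[:1] == ["d-port"] else None
    return {"action": action, "match": (proto, src, dst, dport)}

def conflicts(rules):
    """Index pairs with the same filter but different actions (binding fails)."""
    first, found = {}, []
    for i, rule in enumerate(rules):
        j = first.setdefault(rule["match"], i)
        if rules[j]["action"] != rule["action"]:
            found.append((j, i))
    return found

def evaluate(rules, proto, src, dst, dport, default="permit"):
    """Top-down, first match wins. `default` stands in for the switch's
    default rule (assumed value) and applies only when no entry matches."""
    s, d = _ip(src), _ip(dst)
    for i, rule in enumerate(rules):
        p, (sbase, swild), (dbase, dwild), port = rule["match"]
        if (p == proto and (s & ~swild & MASK32) == sbase
                and (d & ~dwild & MASK32) == dbase and port in (None, dport)):
            return rule["action"], i
    return default, None

if __name__ == "__main__":
    acl = [parse(line) for line in SAMPLE_ACL]
    print(conflicts(acl), evaluate(acl, "tcp", "10.0.0.5", "192.0.2.1", 21))
```

Reversing the two sample rules makes the broad permit match first, so the FTP deny entry is never reached.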
22.4.1 Commands for Monitor And Debug
22.4.1.1 show access-lists
Command: show access-lists [<num>|<acl-name>]
Functions: Displays the configured ACLs.
Parameters: <acl-name> is the name string of a specific ACL; <num> is the number of a specific ACL.
Default: None
Command Mode: Admin mode
This manual is also suitable for: Es4650, Es4626 l3, Es4650 l3