[c-nsp] debugging all incoming traffic on an interface

Tim Franklin tim at pelican.org
Tue Sep 23 09:49:23 EDT 2008


On Tue, September 23, 2008 2:07 pm, Wilkinson, Alex wrote:

> Curious ... since I don't have the luxury to play with Cisco kit all day
> (jack of trades ...) can someone please give me a quick explanation as to
> how creating an ACL on an interface helps with debugging that interface?

access-list 100 permit ip any any log

Will dump everything to the log.  Eventually.  Don't try this on busy
interfaces, kids! :)

Seriously, it's useful if you don't seem to be sending or receiving
anything at all, or for proving which side of a device the problem lies,
for example an ACL both inbound and outbound:

permit icmp any any log
permit ip any any

on a customer-facing interface, then pinging into the customer's network
from the other side of your own network can show that routing is working,
that packets traverse your network into the customer's network, but that
nothing comes back from the customer.

Regards,
Tim.
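
An added example, not part of the original post: a Python sketch that reads the log lines generated by the `permit icmp any any log` entry and reports, per ping target, whether echo requests were followed by echo replies. The addresses, timestamps and log lines are constructed samples in the IOS `%SEC-6-IPACCESSLOGDP` format, and `ping_report` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (IOS %SEC-6-IPACCESSLOGDP format).
# 192.0.2.10 is the test host on the far side of our own network;
# 198.51.100.7 and 198.51.100.8 are hosts inside the customer's network.
SAMPLE_LOG = """\
Sep 23 14:10:01: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.0.2.10 -> 198.51.100.7 (8/0), 1 packet
Sep 23 14:10:01: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 198.51.100.7 -> 192.0.2.10 (0/0), 1 packet
Sep 23 14:10:05: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.0.2.10 -> 198.51.100.8 (8/0), 1 packet
Sep 23 14:15:05: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 192.0.2.10 -> 198.51.100.8 (8/0), 4 packets
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) icmp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)
ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def ping_report(log_text, acl="100"):
    """Return {(pinger, target): {"requests": n, "replies": n, "verdict": str}}."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for m in LINE_RE.finditer(log_text):
        if m["acl"] != acl or m["action"] != "permitted":
            continue
        # The router aggregates repeat hits, so add the logged packet count.
        n, icmp_type = int(m["count"]), int(m["type"])
        if icmp_type == ECHO_REQUEST:
            flows[(m["src"], m["dst"])]["requests"] += n
        elif icmp_type == ECHO_REPLY:
            # A reply is filed under the flow keyed by the original pinger.
            flows[(m["dst"], m["src"])]["replies"] += n
    report = {}
    for key, c in flows.items():
        if c["requests"] and c["replies"]:
            verdict = "replies seen: path works in both directions"
        elif c["requests"]:
            verdict = "requests crossed this interface, nothing came back"
        else:
            verdict = "replies only: requests took another path or were not logged"
        report[key] = {**c, "verdict": verdict}
    return report

if __name__ == "__main__":
    for (src, dst), r in ping_report(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {r['requests']} req, {r['replies']} rep: {r['verdict']}")
```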



