RE: debugging access list

From: Michael Macchiorola (michael_macchiorola@xxxxxxxxxx)
Date: Sat Jan 15 2000 - 07:20:08 GMT-3

• Next message: pkm@xxxxxxxxxx: "Re: [VPN] 'n' points..."
• Previous message: Scott F. Robohn: "Re: [VPN] 'n' points..."
• Maybe in reply to: Stein, Jared: "debugging access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Jared,

In my studies last night I stumbled upon the 'ip accounting
access-violations' command. This command is an interface command that will
create a database of all the packets denied by any access-list on the
specified interface.

To display contents of the database use the 'show ip access-violations'
command. To clear database use the 'clear ip accounting' command.

Mike

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Stein, Jared
Sent: Friday, January 14, 2000 1:59 AM
To: 'ccielab@groupstudy.com'
Subject: debugging access list

Is there anyway to find out what is trying to get through you access list
applied on an interface.

Example

access list 101 permit icmp any any

can I see what traffic is failing by port? how could I see if gre was
failing, ftp etc.

Thanks

• Next message: pkm@xxxxxxxxxx: "Re: [VPN] 'n' points..."
• Previous message: Scott F. Robohn: "Re: [VPN] 'n' points..."
• Maybe in reply to: Stein, Jared: "debugging access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:44 GMT-3