06-17-2007 10:53 PM - edited 02-20-2020 09:39 PM
Hi all, I have only a small question. Does anyone of you know an easy way to find out whether communication is allowed or denied by an access-list? I cannot test the communication; I can only work with the lines of the access-list in the console. Maybe there exists some program or script for searching in an access-list. Thanks for your advice.
06-18-2007 03:42 AM
a) sh access-list (name )
It will show you the hitcount
inet-FW# sh access-list no-nat-dmz
access-list no-nat-dmz; 2 elements
access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
You can use the pipe command for specifics, such as
show access-list (name ) | include ftp
it will give you all lines containing deny
06-19-2007 04:51 AM
Hello, thank you for your advice, but it will not help me. I know your way of checking the access-list, but that way requires me to know which line is concerned. My problem is that I need to add a new line, and I'm not sure whether this communication isn't allowed somewhere higher up in the access-list (maybe with a shorter mask, or a full IP, ...). I think this needs some software or script, and I'm not able to find anything similar anywhere.
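The check asked for above can be scripted offline against saved `show access-list` output. The following is an added example, not part of the original thread and not a Cisco tool: it walks the lines in first-match order and reports which line already covers a proposed flow. It assumes the line format quoted in the thread (network plus netmask, `any`, or `host`), with no port operators or object-groups; the function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# Lines 1-2 are the ones quoted in the thread; the header count and line 3
# are constructed for this example.
SAMPLE_ACL = """\
access-list no-nat-dmz; 3 elements
access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 3 deny ip any host 10.9.9.9 (hitcnt=0)
"""

ACE = re.compile(r"access-list \S+ line (\d+) (permit|deny) (\S+) (.+?)(?: \(hitcnt=\d+\))?$")

def take_net(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D NETMASK' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Yield (line_no, action, proto, src_net, dst_net) for each ACE line."""
    for raw in text.splitlines():
        m = ACE.match(raw.strip())
        if not m:
            continue  # header or remark line
        tokens = m.group(4).split()
        src, dst = take_net(tokens), take_net(tokens)
        if tokens:  # fail loudly rather than misjudge ports or object-groups
            raise ValueError(f"unsupported syntax on line {m.group(1)}: {tokens}")
        yield int(m.group(1)), m.group(2), m.group(3), src, dst

def check_flow(text, proto, src, dst):
    """Return (covering_line, action, partially_overlapping_lines)."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    partial = []
    for no, action, ace_proto, ace_src, ace_dst in parse_acl(text):
        full = ace_proto in ("ip", proto)  # 'ip' on a line matches every protocol
        if not full and proto != "ip":
            continue
        if full and src.subnet_of(ace_src) and dst.subnet_of(ace_dst):
            return no, action, partial  # first line covering the whole flow
        if src.overlaps(ace_src) and dst.overlaps(ace_dst):
            partial.append(no)  # only part of the proposed flow hits this line
    return None, "deny", partial  # implicit deny at the end of the ACL
```

A non-empty third element means an earlier line already decides part of the proposed range, so a new entry placed below that line would only take effect for the remainder.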