how to check if ICMP is blocked

Unanswered Question
Jun 22nd, 2008
User Badges:

Hi all,

i have to sites connected through serial link.both are up.but ping is not allowed.

how can i check in access list that ICMP

is blocked.

fdcb-habshan#sh ip int brief

Interface IP-Address OK? Method Status Prot ocol

GigabitEthernet0/0 10.26.3.11 YES NVRAM up up

GigabitEthernet0/1 unassigned YES NVRAM administratively down down

Serial0/0/0 10.26.126.1 YES NVRAM up up

Serial0/0/1 unassigned YES NVRAM down down

Serial0/1/0:0 unassigned YES NVRAM down down

Serial0/1/1:0 unassigned YES unset down down ping 10.26.126.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.26.126.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)


this is other site which i can no tping



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Jason Fraioli Sun, 06/22/2008 - 12:35
User Badges:

"show int ser 0/0/0" will tell you if there is an ACL on that interface


"show cdp neigbors" will show you if the device on the other side of serial 0/0/0 can talk to you (assuming it is a Cisco device)

Richard Burts Sun, 06/22/2008 - 12:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jason


Actually sh int ser0/0/0 will not show whether there is an access list. But show ip int serial0/0/0 will show whether access lists are applied to the interface. Of course there is the possibility that there might be an access list on the interface of the other router. And there is not any way to determine that from this router.


I like the idea of using show CDP neighbor to validate connectivity on the link and to verify who the neighbor is. I would like it even better to show CDP neighbor detail which will not only tell us who the neighbor is but will tell us what IP address is configured on its serial interface. I wonder what the possibilities are that the address on the remote interface is not .2


HTH


Rick

Richard Burts Sun, 06/22/2008 - 12:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mahesh


Another good thing that you could do to test the link is to see if you can ping your own serial interface address 10.26.126.1. If you can ping your own serial interface address it validates that the link is working and that the neighbor router has some address on the interface in the right subnet.


HTH


Rick

Jason Fraioli Sun, 06/22/2008 - 16:55
User Badges:

doh! sorry for that bad command. I knew it was one of the two, and wasn't in front of a console when I posted.

Actions

This Discussion