288 Views | 5 Helpful | 2 Replies

Question on ACL

rsgamage1
Level 3

Hi,

Is there a way to track TCP options (e.g. MSS) using an ACL?

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Ranil,

MSS is a parameter that is negotiated by the two endpoints during TCP setup. I think this would require deep packet inspection, like in a stateful firewall or at least an IOS feature set.

If you want to troubleshoot a TCP session with a router you can use the debug tcp command.

ACLs allow for the keyword established, which checks the SYN flag.

Hope to help

Giuseppe
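To show concretely why an ACL can see flags but not MSS, here is an added Python example (not from this thread or from Cisco) that parses a constructed TCP SYN header: ports and flags sit at fixed offsets in the first 20 bytes, while MSS is one of the variable-length options that must be walked kind by kind. The sample bytes are built inline and are not a real capture.

```python
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

# Constructed sample (not a real capture): 24-byte TCP SYN, port 40000 -> 80,
# data offset 6, flags = SYN, one MSS option (kind 2, len 4, value 1460).
SAMPLE_TCP_SYN = bytes.fromhex(
    "9c400050" "00000001" "00000000"   # ports, seq, ack
    "6002" "ffff" "0000" "0000"        # offset/flags, window, csum, urg
    "020405b4"                         # MSS option
)

def parse_tcp_header(segment: bytes) -> dict:
    """Split a raw TCP header into fixed-offset fields and options.
    Ports and flags sit at fixed offsets in the first 20 bytes (what an
    ACL can match); options such as MSS live in the variable part after
    byte 20 and must be walked kind-by-kind (deeper inspection).
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, off_res, flags, _, _, _ = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    options, i = {}, 20
    while i < data_offset:
        kind = segment[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # NOP padding, one byte
            i += 1
            continue
        length = segment[i + 1] if i + 1 < data_offset else 0
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        value = segment[i + 2:i + length]
        if kind == 2 and length == 4:       # MSS carries a 16-bit value
            options["MSS"] = struct.unpack("!H", value)[0]
        else:
            options[f"kind{kind}"] = value.hex()
        i += length
    return {
        "sport": sport, "dport": dport,
        "flags": [n for b, n in enumerate(FLAG_NAMES) if flags & (1 << b)],
        # IOS ACL keyword "established" matches segments with ACK or RST set
        "established": bool(flags & 0x14),
        "options": options,
    }
```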

Hi Giuseppe,

Thanks a lot for the confirmation. I was thinking of stateful inspection too.

And I've tried already with TCP flags, which don't say much about its options.

Wouldn't want to enable debug TCP also, as it will be quite resource intensive. Perhaps, with an ACL it'd try debugging IP packets.

Other choice would be to export IP traffic (ip traffic-export) and analyze on the fly. What is your experience with regard to ip traffic-export? Haven't used it so far and would like to have some thoughts.

Many thanks,
