ACL testing

dporod
Level 1

Is anyone aware of a command in 3750 IOS that would allow testing packet flow through ACLs? I'm thinking of something that would operate like Packet Tracer in the ASA products.

6 Replies

Dave,

Do you want to test outbound ACLs with router/switch generating traffic?

Toshi

Just want to test traffic going from one vlan to another through ACLs.

Dave,

You mean, you want to use the switch to test traffic from one vlan to another. Do you mean outbound ACLs? Let's say vlan 10 going to vlan 20. There is an outbound ACL applied on the interface of vlan20. Right? And you are going to test it by using extended ping or something like that on the switch. Right?

Toshi

Yes, would like more than just ping, would like to specify the protocol and port along with source and destination.

Dave,

First of all, you can test by using the following commands.

We are going to test tcp/80 on host 20.20.20.2 on vlan 20 by using a source address as a gateway of vlan 10.

SW#telnet 20.20.20.2 80 /source-interface vlan 10

The problem is that you want to check/block/permit it with outbound ACLs on vlan20 (for example). Right?

Toshi

Cisco IOS access-list verification utility:
https://aclcheck.ru
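
An offline check of the kind the thread asks for (protocol, port, source and destination against an extended ACL), as an added example that is not from any poster in this thread and is not the utility linked above. The ACL name, its entries and the 10.10.10.0/24 addressing for vlan 10 are constructed, and the parser is an assumption-limited sketch that accepts only a destination `eq <number>` port match; it models first-match and the implicit deny, not the switch's actual forwarding.

```python
import ipaddress

# Constructed sample ACL (not from the thread): outbound on the vlan 20 SVI.
SAMPLE_ACL = """
ip access-list extended VLAN20-OUT
 permit tcp 10.10.10.0 0.0.0.255 host 20.20.20.2 eq 80
 deny   tcp any host 20.20.20.2 eq 23
 permit udp 10.10.10.0 0.0.0.255 any eq 53
 deny   ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
 permit ip any any
"""

def _addr(tokens):
    """Consume one address spec; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse permit/deny entries; supports only a destination 'eq <number>'."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # skip the 'ip access-list' header, remarks, blanks
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        if tokens and (tokens[0] != "eq" or len(tokens) != 2):
            raise ValueError(f"unsupported ACE syntax: {line.strip()}")
        port = int(tokens[1]) if tokens else None
        entries.append((action, proto, src, dst, port, line.strip()))
    return entries

def _match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # wildcard 1-bits are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def check(entries, proto, src, dst, dport=None):
    """Return (action, matching line); first match wins, implicit deny at end."""
    for action, ace_proto, s, d, port, line in entries:
        if ace_proto not in ("ip", proto):
            continue
        if _match(src, s) and _match(dst, d) and (port is None or port == dport):
            return action, line
    return "deny", "(implicit deny any any)"
```

Calling `check(parse_acl(SAMPLE_ACL), "tcp", "10.10.10.1", "20.20.20.2", 80)` returns the action together with the entry that decided it, which shows when an earlier line shadows the one you expected to match.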