Can I use 'extended ping' to simulate client ping? basic ACL testing

Unanswered Question
Sep 9th, 2009

Imagine I am trying to test ACLs and validate whether a given IP

could communicate with a target server.

My goal in this case below is to ping target server= as if I was

a client IP=

Isn't possible to do this with extended ping? I don't understand why it does

not work. I am doing this from the layer 3 switch where routing takes place for the respective VLANs both server and clients are member of. Both servers and clients are connected to layer 2 switches which are connected to layer 3 3750 distribution switches.


Protocol [ip]:

% Unknown protocol - "", type "ping ?" for help


Protocol [ip]:

Target IP address:

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: <=== *** Not sure why it returns invalid source. This is actual IP from a client.

% Invalid source

Source address or interface:

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 09/09/2009 - 12:53


The source address or interface used in extended ping must belong to the actual router/switch you are running the ping on.

So unless is assigned to an interface on the switch it will report that it is not a valid address.


news2010a Wed, 09/09/2009 - 13:42

Darn. So I guess if I add a secondary IP address under the respective vlan interface, that could be a way to test it then.


Jon Marshall Wed, 09/09/2009 - 13:44


Know it sounds a bit obvious but why not just use the client.

Or alternatively add a temporary entry into your acl for the switch interface address that connects to and then test.


news2010a Wed, 09/09/2009 - 14:20

I would use the client, but in this particular case there is no one on site so I want to make sure it is accurate before we have people trying the solution.

Sure, instead of adding the secondary IP address, I can definitely use the existing IP on the SVI.



This Discussion