Unanswered Question
Aug 24th, 2010
User Badges:

Dear Team,

Is there any tool available to check the most specfic acl for a particular IP/Network address.

For Ex:

1. Copy And Paste the acl from PIX/ASA to the tool

2. Give IP and Subnet for query

It should say which line will match for that IP/network


Manu B.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Tue, 08/24/2010 - 05:31
User Badges:
  • Cisco Employee,

No, there is no such tool that I know off. Please kindly be advised that ACL is matched from top to bottom, so even if you are matching on a more specific ACL line, if you have an ACL line above with wider range that matches first, it will match on that line first as ACL is processed from top to bottom.

terrygwazdosky Tue, 08/24/2010 - 09:37
User Badges:

If your firmware version supports it you can sort of do this with packet tracker via ASDM.


This Discussion