Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ACL MATCH CHECKER

Dear Team,

Is there any tool available to check the most specfic acl for a particular IP/Network address.

For Ex:

1. Copy And Paste the acl from PIX/ASA to the tool

2. Give IP and Subnet for query

It should say which line will match for that IP/network

Regards,

Manu B.

2 REPLIES
Cisco Employee

Re: ACL MATCH CHECKER

No, there is no such tool that I know off. Please kindly be advised that ACL is matched from top to bottom, so even if you are matching on a more specific ACL line, if you have an ACL line above with wider range that matches first, it will match on that line first as ACL is processed from top to bottom.

New Member

Re: ACL MATCH CHECKER

If your firmware version supports it you can sort of do this with packet tracker via ASDM.

475
Views
0
Helpful
2
Replies
CreatePlease to create content