Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Can I use 'extended ping' to simulate client ping? basic ACL testing

Imagine I am trying to test ACLs and validate whether a given IP

could communicate with a target server.

My goal in this case below is to ping target server=10.66.206.5 as if I was

a client IP=10.66.217.131.

Isn't possible to do this with extended ping? I don't understand why it does

not work. I am doing this from the layer 3 switch where routing takes place for the respective VLANs both server and clients are member of. Both servers and clients are connected to layer 2 switches which are connected to layer 3 3750 distribution switches.

3750layer3#ping

Protocol [ip]: 10.66.206.5

% Unknown protocol - "10.66.206.5", type "ping ?" for help

3750layer3#ping

Protocol [ip]:

Target IP address: 10.66.206.5

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.66.217.131 <=== *** Not sure why it returns invalid source. This is actual IP from a client.

% Invalid source

Source address or interface:

5 REPLIES
Hall of Fame Super Blue

Re: Can I use 'extended ping' to simulate client ping? basic ACL

Marlon

The source address or interface used in extended ping must belong to the actual router/switch you are running the ping on.

So unless 10.66.217.131 is assigned to an interface on the switch it will report that it is not a valid address.

Jon

Community Member

Re: Can I use 'extended ping' to simulate client ping? basic ACL

Darn. So I guess if I add a secondary IP address under the respective vlan interface, that could be a way to test it then.

Thanks.

Hall of Fame Super Blue

Re: Can I use 'extended ping' to simulate client ping? basic ACL

Marlon

Know it sounds a bit obvious but why not just use the client.

Or alternatively add a temporary entry into your acl for the switch interface address that 10.66.217.131 connects to and then test.

Jon

Community Member

Re: Can I use 'extended ping' to simulate client ping? basic ACL

I would use the client, but in this particular case there is no one on site so I want to make sure it is accurate before we have people trying the solution.

Sure, instead of adding the secondary IP address, I can definitely use the existing IP on the SVI.

Thankls!

Hall of Fame Super Blue

Re: Can I use 'extended ping' to simulate client ping? basic ACL

Marlon

No problem. Glad to have helped.

Jon

284
Views
0
Helpful
5
Replies
CreatePlease to create content