Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7892
Views
9
Helpful
4
Replies

how to check if ICMP is blocked

mahesh18
Level 6
Level 6

‎06-22-2008 11:21 AM - edited ‎03-05-2019 11:45 PM

Hi all,

i have to sites connected through serial link.both are up.but ping is not allowed.

how can i check in access list that ICMP

is blocked.

fdcb-habshan#sh ip int brief

Interface IP-Address OK? Method Status Prot ocol

GigabitEthernet0/0 10.26.3.11 YES NVRAM up up

GigabitEthernet0/1 unassigned YES NVRAM administratively down down

Serial0/0/0 10.26.126.1 YES NVRAM up up

Serial0/0/1 unassigned YES NVRAM down down

Serial0/1/0:0 unassigned YES NVRAM down down

Serial0/1/1:0 unassigned YES unset down down ping 10.26.126.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.26.126.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

this is other site which i can no tping

Labels:
0 Helpful
4 Replies 4

Jason Fraioli
Level 3
Level 3

‎06-22-2008 12:35 PM

"show int ser 0/0/0" will tell you if there is an ACL on that interface

"show cdp neigbors" will show you if the device on the other side of serial 0/0/0 can talk to you (assuming it is a Cisco device)

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Jason Fraioli

‎06-22-2008 12:45 PM

Jason

Actually sh int ser0/0/0 will not show whether there is an access list. But show ip int serial0/0/0 will show whether access lists are applied to the interface. Of course there is the possibility that there might be an access list on the interface of the other router. And there is not any way to determine that from this router.

I like the idea of using show CDP neighbor to validate connectivity on the link and to verify who the neighbor is. I would like it even better to show CDP neighbor detail which will not only tell us who the neighbor is but will tell us what IP address is configured on its serial interface. I wonder what the possibilities are that the address on the remote interface is not .2

HTH

Rick

HTH

Rick

Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎06-22-2008 12:58 PM

Mahesh

Another good thing that you could do to test the link is to see if you can ping your own serial interface address 10.26.126.1. If you can ping your own serial interface address it validates that the link is working and that the neighbor router has some address on the interface in the right subnet.

HTH

Rick

HTH

Rick
0 Helpful

Jason Fraioli
Level 3
Level 3
In response to Richard Burts

‎06-22-2008 04:55 PM

doh! sorry for that bad command. I knew it was one of the two, and wasn't in front of a console when I posted.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card