
New Member

Access-list searching

Hi all, I have only a small question. Does anyone of you know an easy way to find out whether communication is allowed or denied by an access-list? I cannot try the communication, I can only work with the lines of the access-list in the console. Maybe there exists some program or script for searching in an access-list. Thanks for your advice.

2 REPLIES

Re: Access-list searching

a) sh access-list (name )

It will show you the hitcount

inet-FW# sh access-list no-nat-dmz

access-list no-nat-dmz; 2 elements

access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)

access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)

you can use the Pipe command for specifics such as

show access-list (name ) | include ftp

it will give you all lines containing deny

New Member

Re: Access-list searching

Hello, thank you for your advice, but it will not help me. I know your way of checking an access-list, but this way requires me to know which line it is about. My problem is that I need to add a new line and I'm not sure whether this communication isn't allowed somewhere up in the access-list (maybe with a shorter mask, or a full IP, ...). I think this needs some software or script, and I'm not able to find anything similar anywhere.
