Access-list searching

tprochazka
Level 1

Hi all, I have only a small question. Does anyone of you know an easy way to find out if communication is allowed or denied by an access-list? I cannot try the communication, I can only work with the lines of the access-list in the console. Maybe there exists some program or script for searching in an access-list. Thanks for your advice.

2 Replies

anandramapathy
Level 3

a) sh access-list (name )

It will show you the hitcount

inet-FW# sh access-list no-nat-dmz

access-list no-nat-dmz; 2 elements

access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)

access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)

you can use the Pipe command for specifics such as

show access-list (name ) | include ftp

it will give you all lines containing deny

Hello, thank you for your advice, but it will not help me. I know your way of checking an access-list, but this way requires me to know which line it is about. My problem is that I need to add a new line and I'm not sure if this communication isn't allowed somewhere up in the access-list (maybe with a shorter mask, or full IP, ...). I think that this needs some software or script, and I'm not able to find anything similar anywhere.
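
Added example, not part of the thread and not a Cisco tool: a small offline script for the check asked about in the last reply. It parses "show access-list" output in the format quoted above and lists, in top-down order, every line whose protocol and networks fully contain a proposed flow, so the first hit is the entry that would decide it. The sample ACL (line 3 included) is constructed, the function names are hypothetical, and source-port operators and object-groups are assumed absent.

```python
import ipaddress
import re

# Constructed sample in the "show access-list" format quoted in the thread.
SAMPLE_ACL = """\
access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 3 deny ip host 10.157.40.5 any (hitcnt=0)
"""

LINE_RE = re.compile(r"access-list\s+\S+\s+line\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)")

def take_net(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse_acl(text):
    """Return one (line_no, action, proto, src_net, dst_net, extra) tuple per entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # header lines such as "...; 2 elements" are skipped
        tokens = re.sub(r"\(hitcnt=\d+\)", "", m.group(4)).split()
        src, dst = take_net(tokens), take_net(tokens)
        entries.append((int(m.group(1)), m.group(2), m.group(3), src, dst, tokens))
    return entries

def covering_lines(entries, proto, src, dst):
    """Lines, in ACL order, whose protocol and networks fully contain the flow."""
    src = ipaddress.ip_network(src, strict=False)
    dst = ipaddress.ip_network(dst, strict=False)
    hits = []
    for no, action, p, s, d, extra in entries:
        if p in ("ip", proto) and src.subnet_of(s) and dst.subnet_of(d):
            # Leftover tokens (e.g. a destination port operator) make the match conditional.
            hits.append((no, action, "conditional" if extra else "full"))
    return hits

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    # Proposed new line: permit tcp 10.157.36.16/28 -> 10.20.0.0/16
    print(covering_lines(acl, "tcp", "10.157.36.16/28", "10.20.0.0/16"))
```

An empty result means no existing line fully covers the proposed entry; a line that only partly overlaps it is not reported.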
