06-17-2007 10:53 PM - edited 02-20-2020 09:39 PM
Hi all, I have only a small question. Does anyone of you know an easy way to find out whether communication is allowed or denied by an access-list? I cannot try the communication; I can only work with the lines of the access-list in the console. Maybe there exists some program or script for searching in an access-list. Thanks for your advice.
06-18-2007 03:42 AM
a) sh access-list (name )
It will show you the hitcount
inet-FW# sh access-list no-nat-dmz
access-list no-nat-dmz; 2 elements
access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
You can use the pipe command for specifics, such as
show access-list (name ) | include ftp
It will give you all lines containing deny
06-19-2007 04:51 AM
Hello, thank you for your advice, but it will not help me. I know your way of checking an access-list, but this way requires me to know which line it is about. My problem is that I need to add a new line and I'm not sure whether this communication isn't already allowed somewhere higher up in the access-list (maybe with a shorter mask, or a full IP, ...). I think this needs some software or script, and I'm not able to find anything similar anywhere.
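The offline check asked for in the last post, as an added example that is not part of the original thread or any Cisco tool: a Python sketch that parses `show access-list` output in the network/mask format shown above and reports which existing lines already cover or overlap a proposed entry. The function names and line 3 of the sample are constructed here; it assumes no object-groups and no source-port operators, and it treats any line with a port or ICMP qualifier as a partial match only.

```python
import ipaddress
import re

# Constructed sample in the "network mask" format shown in the thread;
# line 3 is invented here to exercise the 'host' and 'any' keywords.
SAMPLE_ACL = """\
access-list no-nat-dmz; 3 elements
access-list no-nat-dmz line 1 permit ip 10.157.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 2 permit icmp 10.100.36.0 255.255.255.0 10.0.0.0 255.0.0.0 (hitcnt=0)
access-list no-nat-dmz line 3 deny tcp host 10.100.36.5 any (hitcnt=0)
"""
ENTRY = re.compile(r"access-list\s+\S+\s+(?:line\s+(\d+)\s+)?(?:extended\s+)?(permit|deny)\s+(\S+)\s+(.+)")

def take_net(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NETWORK MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tokens.pop(0))

def parse_acl(text):
    """Return [(line, action, proto, src, dst, limited)] in ACL order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header line ("...; 3 elements") or wrapped fragment
        tokens = m.group(4).split()
        src, dst = take_net(tokens), take_net(tokens)
        # Leftover tokens other than "(hitcnt=N)" are qualifiers we do not interpret.
        limited = bool(tokens) and not tokens[0].startswith("(")
        entries.append((int(m.group(1) or len(entries) + 1), *m.group(2, 3), src, dst, limited))
    return entries

def check(entries, proto, src, dst):
    """Lines touching the proposed flow, up to the first full cover (first-match)."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    hits = []
    for line, action, p, s, d, limited in entries:
        related = p == proto or "ip" in (p, proto)  # tcp line vs udp flow: unrelated
        if not (related and src.overlaps(s) and dst.overlaps(d)):
            continue
        full = p in ("ip", proto) and not limited and src.subnet_of(s) and dst.subnet_of(d)
        hits.append((line, action, "covers" if full else "overlaps"))
        if full:
            break  # later lines can never see this traffic
    return hits
```

A result of `covers` means the proposed line would be redundant with (permit) or dead behind (deny) that earlier line; `overlaps` means only part of the proposed traffic is already decided there.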