Cisco Support Community
New Member

How to show a specific port in a router 6509?

This router currently has IOS 12.2. My task is to find out SSH connections from a source IP to a destination IP. I believe the SSH port number is 22 (correct me if I'm wrong).

The user in the office is using an app that uses an SSH connection to connect to a datacenter at another location. So, what command do I use to find out that it actually goes through our office router (6509)?

thanks

2 REPLIES
Hall of Fame Super Silver

Re: How to show a specific port in a router 6509?

Hello Lei,

You need to use an extended ACL.

access-list 111 permit tcp host user-ip host destination-ip eq 22

Then you have two choices.

Use

debug ip packet det 111

Or you apply a modified ACL like

access-list 112 permit tcp host user-ip host destination-ip eq 22 log

access-list 112 permit ip any any

applied on the SVI where the user is:

int Vlan X

 ip access-group 112 in

In the same way, you can think about analyzing the return path.

ACLs for the return path have to be like

access-list 113 permit tcp host server-addr eq 22 host user-ip-addr

Don't use the debug without the ACL.

Verify the ACL numbers you use are not already present in the device.

Hope to help

Giuseppe
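
Added example, not part of the reply above: once ACL 112 is applied, each hit on its "log" entry produces a %SEC-6-IPACCESSLOGP syslog message, and the script below totals those hits per SSH flow. The message layout is the usual IOS one and is assumed here; the addresses and sample lines are constructed, and the function name ssh_flows is hypothetical.

```python
import re
from collections import defaultdict

# Usual IOS layout for ACL "log" hits on TCP/UDP entries (assumed here):
#   %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.1.1.10(51234) -> 192.0.2.20(22), 1 packet
ACL_HIT = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \([^)]*\))? -> "  # optional interface/MAC detail, if present
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.1.1.10(51234) -> 192.0.2.20(22), 1 packet
*Mar  1 00:10:05.456: %SYS-5-CONFIG_I: Configured from console by admin on vty0
*Mar  1 00:15:01.789: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.1.1.10(51234) -> 192.0.2.20(22), 37 packets
*Mar  1 00:16:12.001: %SEC-6-IPACCESSLOGP: list 112 permitted tcp 10.1.1.10(51300) -> 192.0.2.20(22), 1 packet
*Mar  1 00:16:40.250: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.77(40000) -> 192.0.2.20(23), 1 packet
"""


def ssh_flows(log_text, acl="112", src=None, dst=None, port=22):
    """Return {(src, sport, dst): packets} for hits on `acl` to TCP `port`."""
    flows = defaultdict(int)
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        if not m or m["acl"] != acl or m["proto"] != "tcp":
            continue  # other syslog messages, other ACLs, non-TCP hits
        if int(m["dport"]) != port:
            continue
        if (src and m["src"] != src) or (dst and m["dst"] != dst):
            continue
        # The first packet is logged at once; later messages report the
        # packets seen since the previous report, so the counts are summed.
        flows[(m["src"], int(m["sport"]), m["dst"])] += int(m["count"])
    return dict(flows)


if __name__ == "__main__":
    hits = ssh_flows(SAMPLE_LOG, src="10.1.1.10", dst="192.0.2.20")
    for (s, sp, d), pkts in hits.items():
        print(f"{s}:{sp} -> {d}:22  {pkts} packets logged")
```

An empty result for the user's address means no logged SSH packet from that host matched the ACL on this SVI.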

Hall of Fame Super Bronze

Re: How to show a specific port in a router 6509?
