Chapter 15. Configuring Network Address Translation (NAT)


Displaying Access Lists

By now, you might want to display or troubleshoot your access lists. To view the access lists, use the following commands from the enable prompt:

  • show access-list: Displays access lists from all protocols. This command displays the number of packets that pass each line of an access list. Use the clear access-list counter command to clear these counters.

  • show ip access-list [ access-list number ]: Displays all IP access lists defined. If you select a specific access list for display, only that list will be displayed. This command displays the number of packets that pass each line of an access list. Use the clear access-list counter command to clear these counters.

  • show log: This command is used in conjunction with the log keyword trailing any access list. Be sure to have a logging buffered command in the configuration to capture all the console messages. Each logged message includes the access list number, information on whether the packet was permitted or denied, the protocol, and, if applicable, the source and destination addresses. To prevent huge log files, the router generates this message only for the first packet that matches and then at 5-minute intervals, including the number of packets permitted or denied in the previous 5-minute interval.

Example 14-8 lists the output of the show ip access-list command.

Example 14-8 show ip access-list Command Output
access_router# show ip access-lists
Standard IP access list 69
    permit 206.191.241.0, wildcard bits 0.0.0.255 log
Extended IP access list 101
    deny udp host 172.16.16.2 host 204.221.151.211 eq domain
    permit tcp any any established (15992 matches)
    permit ip any 192.168.5.0 0.0.0.255 (43 matches)
    permit ip any 204.221.151.0 0.0.0.255 (169 matches)
    permit icmp any any echo (78 matches)
    permit icmp any any echo-reply (9 matches)
    permit tcp any any eq www (216 matches)
    permit udp any any
Extended IP access list 110
    permit ip any any (37779 matches)
    permit tcp any any established
Extended IP access list 199
    permit tcp any any established (175 matches)
    deny ip 206.191.241.40 0.0.0.7 any
    deny ip host 206.191.194.42 host 206.191.194.42
    permit icmp any any echo
    permit icmp any any echo-reply
    permit tcp any 206.191.241.40 0.0.0.7 eq www
    permit tcp any 206.191.241.40 0.0.0.7 eq smtp
    permit tcp any 206.191.241.40 0.0.0.7 eq domain
    permit udp any 206.191.241.40 0.0.0.7 eq domain
    deny tcp any 206.191.241.40 0.0.0.7 lt 1024
    deny tcp any 206.191.241.40 0.0.0.7 gt 1023
    permit udp any 206.191.241.40 0.0.0.7 gt 1023 (13 matches)
    deny udp any 206.191.241.40 0.0.0.7 gt 50000
    deny udp any 206.191.241.40 0.0.0.7 lt 1024
access_router#
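
The per-line counters in this output lend themselves to an automated rule review. The following Python script is an added example, not taken from the book: it parses show ip access-lists text, treats an entry with no "(N matches)" suffix as having zero hits, and flags entries that follow a bare "ip any any" line, which top-down, first-match processing never reaches. The sample input is an excerpt of Example 14-8, and the function names are illustrative.

```python
import re

# Excerpt of the Example 14-8 output, one access list entry per line.
SAMPLE = """\
Standard IP access list 69
    permit 206.191.241.0, wildcard bits 0.0.0.255 log
Extended IP access list 101
    deny udp host 172.16.16.2 host 204.221.151.211 eq domain
    permit tcp any any established (15992 matches)
    permit udp any any
Extended IP access list 110
    permit ip any any (37779 matches)
    permit tcp any any established
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)\s*$")
ENTRY = re.compile(r"^\s+((?:permit|deny)\b.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
CATCH_ALL = re.compile(r"^(?:permit|deny) ip any any(?: log(?:-input)?)?$")

def parse_acls(text):
    """Return {acl_name: [(rule_text, match_count), ...]} in configured order."""
    acls, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(2), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            # No "(N matches)" suffix means the counter for that line is zero.
            current.append((entry.group(1), int(entry.group(2) or 0)))
    return acls

def review(acls):
    """Flag zero-hit entries and entries placed after a catch-all line."""
    findings = []
    for name, entries in acls.items():
        shadowed = False
        for rule, hits in entries:
            if shadowed:
                findings.append((name, rule, "unreachable: follows 'ip any any'"))
            elif hits == 0:
                findings.append((name, rule, "no matches recorded"))
            shadowed = shadowed or bool(CATCH_ALL.match(rule))
    return findings

if __name__ == "__main__":
    for acl, rule, note in review(parse_acls(SAMPLE)):
        print(f"ACL {acl}: {rule} -> {note}")
```

A zero-hit entry is not necessarily dead: the counters may have been cleared recently, or the list may not be applied to an interface.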


CCIE Practical Studies, Volume I
ISBN: 1587200023
EAN: 2147483647
Year: 2001
Pages: 283
Authors: Karl Solie
