ACL question

SteveFer Member Posts: 69
In Todd's CCNA book, near the end of the EIGRP chapter, he talks about checking ACLs on a router for troubleshooting EIGRP. He says, "For CCNA objectives, always check for an ACL on the actual interface, not just in the routing table." I'm a bit confused by the routing table part: how would an ACL be applied in a routing table, or would I check for an ACL in a routing table? I would always apply an ACL to an interface. Does he mean make sure to use commands that show which interfaces have ACLs, as opposed to ACLs that are on the router?

Comments

  • networker050184 Mod Posts: 11,962
    No way to check for an ACL directly in the routing table, but maybe he meant to just verify that the routes that should be there are?
    An expert is a man who has made all the mistakes which can be made.
  • xnx Member Posts: 464
    I think it means you have to check if an access list has been applied to an interface itself using 'ip access-group' in subinterface mode and also defining a direction in which to check a flow.

    Specifically, an ACL may be blocking the EIGRP transport protocol since it doesn't use TCP / UDP.

    E.g:
    R1(config)# int fa0/0
    R1(config-if)# ip access-group 10 in

    That will check ACL number 10 for all inbound flows towards the interface.

    Extra point:
    You can check your access lists with the 'show ip access-list' command; if you want to see a specific ACL rule, then put the number or name after.
    Getting There ...

    Lab Equipment: Using Cisco CSRs and 4 Switches currently
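
An added example, not part of any poster's comment: a small Python check that reads a saved running-config, finds every interface with an inbound `ip access-group`, and reports whether that ACL would let EIGRP (IP protocol 88) through. The sample configuration, the function names and the "review" verdict are constructed for illustration; only numbered extended ACLs with `any any` entries are evaluated, and anything else is flagged for manual review.

```python
import re

# Constructed running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group 110 in
interface FastEthernet0/1
 ip access-group 120 in
interface Serial0/0
 ip address 10.0.14.1 255.255.255.252
access-list 110 permit tcp any any eq 22
access-list 110 permit udp any any
access-list 120 permit eigrp any any
access-list 120 deny ip any any
"""

def inbound_acls(config):
    """Return {interface: acl} for every 'ip access-group <acl> in' line."""
    found, iface = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and (m := re.match(r"\s+ip access-group (\S+) in\b", line)):
            found[iface] = m.group(1)
    return found

def eigrp_verdict(config, acl):
    """First-match verdict for EIGRP (IP protocol 88) on a numbered extended ACL."""
    if acl.isdigit() and (1 <= int(acl) <= 99 or 1300 <= int(acl) <= 1999):
        return "review"         # standard ACL: matches on source address only
    pat = re.compile(rf"access-list {re.escape(acl)} (permit|deny) (\S+) (.+)")
    entries = [m.groups() for l in config.splitlines() if (m := pat.match(l))]
    if not entries:
        return "review"         # named or undefined ACL: not handled here
    for action, proto, rest in entries:
        if proto not in ("eigrp", "ip", "88"):
            continue            # tcp/udp/icmp entries never match EIGRP
        return action if rest.strip() == "any any" else "review"
    return "deny"               # nothing matched: implicit deny at the end

def audit(config):
    """Return {interface: (acl, verdict)} for each inbound ACL."""
    return {i: (a, eigrp_verdict(config, a)) for i, a in inbound_acls(config).items()}

if __name__ == "__main__":
    for iface, (acl, verdict) in audit(SAMPLE_CONFIG).items():
        print(f"{iface}: ACL {acl} -> EIGRP {verdict}")
```

In the constructed sample, ACL 110 permits only TCP and UDP, so EIGRP falls through to the implicit deny even though no line mentions it.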