Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 21 Troubleshooting IP Access Lists
IP-ACL Issues
Step 4 Use the ip access-list or the ipv6 access-list command to create an access list.
switch(config)# ip access-list List1 permit ip any any
Tip Add the filters in priority order. Add a fall-through filter for the case where no filter matches an incoming packet.
Step 5 Use the ip access-group or the ipv6 traffic-filter command in interface mode to add the ACL to the
interface. Repeat this step for all interfaces found in Step 1.
switch(config)# interface gigabitethernet 2/1
switch(config-if)# ip access-group List1
switch(config)# interface gigabitethernet 2/2
switch(config-if)# ipv6 traffic-filter IPAlow
No Packets Are Blocked
Symptom No packets are blocked.
Table 21-4 No Packets Are Blocked

| Symptom | Possible Cause | Solution |
|---|---|---|
| No packets are blocked. | A permit filter is too broad. | Delete the permit filter. Add an appropriate permit filter. Choose Security > IP ACL in Device Manager, right-click the access list and click Rules. Right-click the rule and click Delete. Or use the no ip access-list for IPv4-ACLs or no ipv6 access-list for IPv6, and use the no permit CLI command in IP-ACL configuration submode. |
| | Permit filter is too high in the access list order. | Delete the access list and re-create. See the “Re-creating IP-ACLs Using Fabric Manager” section on page 21-5 or the “Re-creating IP-ACLs Using the CLI” section on page 21-6. |
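The two causes in Table 21-4 and the ordering tip in Step 4 can be checked offline before an access list is re-created. The following is an added example, not code from this guide or from Cisco: it assumes first-match evaluation in list order and uses a simplified filter model (protocol plus CIDR source and destination, with constructed addresses) rather than switch syntax, and the names Filter, rule, covers, first_match, and shadowed are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")

class Filter(NamedTuple):
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def rule(action, proto, src="any", dst="any"):
    """Build a filter from CIDR strings (simplified model, not switch syntax)."""
    net = lambda s: ANY if s == "any" else ipaddress.ip_network(s)
    return Filter(action, proto, net(src), net(dst))

def covers(a, b):
    """True when every packet matched by b is also matched by a."""
    return (a.proto in ("ip", b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst))

def first_match(acl, proto, src, dst) -> Optional[int]:
    """Index of the first filter that matches the packet, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, f in enumerate(acl):
        if f.proto in ("ip", proto) and s in f.src and d in f.dst:
            return i
    return None

def shadowed(acl):
    """(earlier, later) index pairs where the later filter can never match."""
    pairs = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                pairs.append((i, j))
                break
    return pairs

# Constructed sample lists; addresses are illustrative only.
BROKEN = [rule("permit", "ip"),   # broad permit at the top
          rule("deny", "tcp", "10.1.1.0/24"),
          rule("deny", "ip", "any", "192.168.5.0/24")]
FIXED = BROKEN[1:] + BROKEN[:1]     # denies first, broad permit as fall-through

if __name__ == "__main__":
    for name, acl in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        hit = first_match(acl, "tcp", "10.1.1.7", "172.16.0.1")
        print(name, "shadowed:", shadowed(acl), "-> test packet:", acl[hit].action)
```

A non-empty result from shadowed() identifies filters that sit below a broader filter and therefore never take effect, which is the "permit filter is too high in the access list order" case.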