Chapter 6
Troubleshooting TCP/IP Connectivity
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.50.0/24 is directly connected, Ethernet0
D 172.16.60.0/24 [90/2195456] via 172.16.50.2, 00:31:39, Ethernet0
C 172.16.30.4/30 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 172.16.50.2
Router_B>
The "S" indicates that the route is a static route. The other routes are
either directly connected or learned via a routing protocol--in this case,
EIGRP.
IP Access Lists
Troubleshooting access lists is a very simple task if you understand
how they are written and if you are familiar with the different protocols that
can be managed by using extended access lists.
Standard Access Lists
A standard access list is a sequential list of permit or deny statements that are
based on the source IP address of a packet. When a packet reaches a router,
the packet has to follow a different procedure, based on whether it's trying
to enter or leave an interface. If there's an access list on the interface, the
packet must go through every line in it until the packet matches the specified
criteria. If the packet goes through the entire list without a match, it is
dropped. For the packet to be forwarded, there has to be a permit statement
at the end of the list allowing that, or else the packet will simply be dropped.
In Cisco IOS, there's an implied deny statement at the end of the access
list, so if the purpose of your access list is to deny a few criteria but forward
everything else, you must include a permit statement as the final line of the
access list. However, you don't have to end the access list with a deny
statement if the list's purpose is to permit only certain criteria and drop
the rest--this is automatically understood.
Figure 6.10 shows a flowchart that describes the steps taken when a
packet enters or leaves an interface.
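The sequential matching and the implied deny described above can be checked offline with a small evaluator. This is an added example, not code from the book; the ACL numbers, the wildcard-mask lines and the host addresses are constructed for illustration, using subnets from the routing table shown earlier.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_acl(text):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        if parts[3] == "any":
            addr, wild = 0, MASK32                # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(parts[3]))
            # No wildcard given means a single host (wildcard 0.0.0.0).
            wild = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        rules.append((parts[2], addr, wild))
    return rules

def evaluate(rules, source_ip):
    """First match wins. Returns (action, line number); None marks the implied deny."""
    src = int(ipaddress.IPv4Address(source_ip))
    for number, (action, addr, wild) in enumerate(rules, start=1):
        care = ~wild & MASK32                     # bits that must match
        if (src & care) == (addr & care):
            return action, number
    return "deny", None                           # fell off the end of the list

# Constructed sample lists (ACL numbers and hosts are made up for this example).
DENY_ONLY = """
access-list 10 deny 172.16.60.0 0.0.0.255
"""
DENY_THEN_PERMIT = """
access-list 10 deny 172.16.60.0 0.0.0.255
access-list 10 permit any
"""
PERMIT_ONLY = """
access-list 20 permit 172.16.50.0 0.0.0.255
"""

if __name__ == "__main__":
    for name in ("DENY_ONLY", "DENY_THEN_PERMIT", "PERMIT_ONLY"):
        rules = parse_acl(globals()[name])
        for host in ("172.16.50.7", "172.16.60.9", "172.16.30.5"):
            action, line = evaluate(rules, host)
            where = f"line {line}" if line else "implied deny"
            print(f"{name:17} {host:12} -> {action:6} ({where})")
```

DENY_ONLY drops every source, including hosts it never names, which is the symptom to look for when a list meant to block one subnet cuts off all traffic on the interface.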
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com