332
Chapter 6
Troubleshooting TCP/IP Connectivity
The same procedures and commands that are used to analyze standard
access lists apply to extended access lists. The only difference is the different
criteria that can be used with extended access lists.
In addition to correctly analyzing the lines of the access list, you must
know which way the list is applied to the interface. By conceptualizing the
packet flow through an interface and the subsequent access list, you will be
successful in troubleshooting access listrelated problems. Here is a sample
extended access list:
access-list 101 deny tcp any any eq chargen
access-list 101 deny tcp any any eq daytime
access-list 101 deny tcp any any eq discard
access-list 101 deny tcp any any eq echo
access-list 101 deny tcp any any eq finger
access-list 101 deny tcp any any eq kshell
access-list 101 deny tcp any any eq klogin
access-list 101 deny tcp any any eq 37
access-list 101 deny tcp any any eq uucp
access-list 101 deny udp any any eq biff
access-list 101 deny udp any any eq bootpc
access-list 101 deny udp any any eq bootps
access-list 101 deny udp any any eq discard
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny udp any any eq netbios-ns
access-list 101 permit udp host 172.16.10.2 any eq snmp
access-list 101 deny udp any any eq snmp
access-list 101 permit udp host 172.16.10.2 any eq
snmptrap
access-list 101 deny udp any any eq snmptrap
access-list 101 deny udp any any eq who
access-list 101 permit udp 172.16.50.0 0.0.0.255 any eq
xdmcp
access-list 101 deny udp any any eq xdmcp
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit igmp any any
access-list 101 permit eigrp any any
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com