• Status: Solved

Cisco - Debug an access list

I would like to use a simple command to debug access-lists on a Cisco router. The command is "debug ip packet detail 105", which will set debugging to access-list 105. Here is my problem: how do I apply the same command if the access-list is defined by a word, not a list number? Or is there a command that displays the access-list number of an access-list defined using a word?

Thanks....
Asked by: captclam
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant, commented:
There is no debug command that "debugs" access-lists. What is it you want to debug? Most troubleshooting of access-lists is done by looking at the hit counts for each line in the ACL.

What you do when you do "deb ip packet" is to debug transit packets through the router but only show traffic specified in the ACL. That command doesn't troubleshoot the ACL; that command troubleshoots traffic, and the ACL is a tool for specifying which traffic to look at. That command doesn't support named access-lists.

/Kvistofta
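
The hit-count approach described in the reply above, as an added example that is not part of the original thread: a Python sketch that parses two snapshots of `show ip access-lists` output and reports which entries gained matches, for named and numbered lists alike. The sample output is constructed, and the parser assumes the usual IOS layout for IPv4 lists, where an entry that has never matched carries no "(N matches)" suffix.

```python
import re

# Constructed sample output of "show ip access-lists", captured a short time apart.
BEFORE = """\
Extended IP access list LIST_NAME
    10 permit tcp any host 192.0.2.10 eq www (15 matches)
    20 permit udp any host 192.0.2.53 eq domain
    30 deny ip any any log (3 matches)
Extended IP access list 105
    10 permit icmp any any (7 matches)
"""
AFTER = """\
Extended IP access list LIST_NAME
    10 permit tcp any host 192.0.2.10 eq www (15 matches)
    20 permit udp any host 192.0.2.53 eq domain (4 matches)
    30 deny ip any any log (9 matches)
Extended IP access list 105
    10 permit icmp any any (7 matches)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(r"^\s+(\d+) (.+?)(?: \((\d+) match(?:es)?\))?\s*$")

def parse_acls(text):
    """Return {acl_name: {sequence: (rule_text, hit_count)}}."""
    acls, current = {}, None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            current = acls.setdefault(m.group(1), {})
        elif current is not None and (m := ENTRY.match(line)):
            # An entry with no "(N matches)" suffix has never matched.
            current[int(m.group(1))] = (m.group(2), int(m.group(3) or 0))
    return acls

def hit_deltas(before, after):
    """List (acl, sequence, rule, new_hits) for entries whose counter grew."""
    old, new = parse_acls(before), parse_acls(after)
    changed = []
    for name, entries in new.items():
        for seq, (rule, hits) in sorted(entries.items()):
            prev = old.get(name, {}).get(seq, (rule, 0))[1]
            if hits > prev:
                changed.append((name, seq, rule, hits - prev))
    return changed

if __name__ == "__main__":
    for name, seq, rule, delta in hit_deltas(BEFORE, AFTER):
        print(f"{name} seq {seq}: +{delta}  {rule}")
```
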
 
captclam (Author) commented:
I understand what you are saying about debugging, so let me try asking this question.
Does a Cisco router assign a number to an access-list created by "ip access-list extended LIST_NAME"? So does the access-list "LIST_NAME" have a number as well? If so, how can I see this number?
 
Thanks.
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant, commented:
No, named access-lists do not have a number.

/Kvistofta