31 Days Before Your CCNA Exam

Day 6Verifying and Troubleshooting ACLImplementationsCCNA 640-802 Exam Topics■Verify and monitor ACLs in a network environment.■Troubleshoot ACL issues.Key TopicsToday’s review topics are rather brief compared to yesterday’s. This is so you can take the opportunityto fully review ACL implementations, including their configuration, verification, and troubleshooting.Today we review the verification commands and look at some possible troubleshooting scenarios.Verifying ACLsWhen you finish configuring an ACL, use the show commands to verify the configuration. Use theshow access-lists command to display the contents of all ACLs, as demonstrated in Example 6-1.By entering the ACL name or number as an option for this command, you can display a specificACL. To display only the contents of all IP ACLs, use the show ip access-list command.Example 6-1Verifying Access List ConfigurationRouterX#show access-listsStandard IP access list SALES10 permit 10.3.3.120 permit 10.4.4.130 permit 10.5.5.140 deny 10.1.1.0, wildcard bits 0.0.0.25550 permit anyExtended IP access list ENG10 permit tcp host 10.22.22.1 any eq telnet (25 matches)20 permit tcp host 10.33.33.1 any eq ftp30 permit tcp host 10.33.33.1 any eq ftp-dataNotice in the output from the show access-lists command in Example 6-1 that sequence numbers areincremented by 10—most likely because the administrator did not enter a sequence number. Alsonotice that this command tells you how many times IOS has matched a packet to a statement—25times in the case of the first statement in the named ACL ENG.