
Stephen McQuerry

"Interconnecting Cisco Network Devices, Part 2 (ICND2): (CCNA Exam 640-802 and ICND exam 640-816) (3rd Edition)"

Use the show access-lists command to display information about the access list(s)
in place when troubleshooting each of these problems.
Problem: Host Connectivity
Host 10.1.1.1 has no connectivity with 10.100.100.1. The following output reveals information
about the access list(s) in place to help determine the possible cause of the problem:
RouterX# show access-lists 10
Standard IP access list 10
10 deny 10.1.1.0, wildcard bits 0.0.0.255
20 permit 10.1.1.1
30 permit ip any any
Host 10.1.1.1 has no connectivity with 10.100.100.1 because of the order of the rules in
access list 10. Because the router processes ACLs from the top down, statement 10 denies
host 10.1.1.1, and statement 20 is never processed. The solution to this problem is to
reverse statements 10 and 20.
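The top-down, first-match processing described above can be checked mechanically. The following Python sketch is an added example, not taken from the book: it models the three statements of access list 10 as shown in the output, evaluates a source address against them, and flags any statement that an earlier statement fully covers. The function names are illustrative, and statement 30 is modeled as matching any source.

```python
import ipaddress

# Access list 10 from the output above: (sequence, action, address, wildcard).
# A host entry has wildcard 0.0.0.0; "any" is 0.0.0.0 255.255.255.255.
ACL_10 = [
    (10, "deny", "10.1.1.0", "0.0.0.255"),
    (20, "permit", "10.1.1.1", "0.0.0.0"),
    (30, "permit", "0.0.0.0", "255.255.255.255"),
]
# Statements 10 and 20 reversed (original sequence labels kept for reference).
FIXED = [ACL_10[1], ACL_10[0], ACL_10[2]]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(entry, src):
    """Wildcard match: only bits that are 0 in the wildcard are compared."""
    care = ~_int(entry[3]) & 0xFFFFFFFF
    return (_int(src) & care) == (_int(entry[2]) & care)

def evaluate(acl, src):
    """Return (sequence, action) of the first matching statement, top down."""
    for entry in acl:
        if matches(entry, src):
            return entry[0], entry[1]
    return None, "deny"  # implicit deny when no statement matches

def shadowed(acl):
    """Return (later_seq, earlier_seq) pairs where the later statement can never match."""
    findings = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            care = ~_int(earlier[3]) & 0xFFFFFFFF
            # Covered if every bit the earlier statement checks is fixed in the
            # later one and has the same value.
            if (_int(later[3]) & care) == 0 and \
               (_int(later[2]) & care) == (_int(earlier[2]) & care):
                findings.append((later[0], earlier[0]))
                break
    return findings

if __name__ == "__main__":
    print(evaluate(ACL_10, "10.1.1.1"), shadowed(ACL_10))
    print(evaluate(FIXED, "10.1.1.1"), shadowed(FIXED))
```

Running the shadow check against a list before applying it catches ordering mistakes like this one without waiting for a connectivity complaint.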
[Figure: Router X, interface S0 (10.160.22.11, 10.160.22.33), ACL inbound; networks 10.0.0.0, 172.16.0.0, 192.168.1.0; Host 10.1.1.1; Host 10.100.100.1]
242 Chapter 6: Managing Traffic with Access Control Lists
The 192.168.1.0 network cannot use TFTP to connect to 10.100.100.1. The following output
reveals information about the access list(s) in place to help determine the possible cause of the
problem:
RouterX# show access-lists 120
Extended IP access list 120
10 deny tcp 172.

