On routers, there may be ACLs configured that prohibit protocols from passing through the interface in the inbound or outbound direction.

Use the show ip access-lists command to display the contents of all IPv4 ACLs and the show ipv6 access-list command to show the contents of all IPv6 ACLs configured on a router. To display a specific ACL, enter the ACL name or number as an option for this command. The show ip interfaces and show ipv6 interfaces commands display IPv4 and IPv6 interface information that indicates whether any IP ACLs are set on the interface.

Troubleshooting Example

To prevent spoofing attacks, the network administrator decided to implement an ACL preventing devices with a source network address of 172.16.1.0/24 from entering the inbound S0/0/1 interface on R3, as shown in Figure 1. All other IP traffic should be allowed.

However, shortly after implementing the ACL, users on the 10.1.10.0/24 network were unable to connect to devices on the 172.16.1.0/24 network, including SRV1. The show ip access-lists command shows that the ACL is configured correctly, as shown in Figure 2. However, the show ip interfaces serial 0/0/1 command reveals that the ACL was never applied inbound on the S0/0/1 interface. Further investigation reveals that the ACL was accidentally applied to the G0/0 interface, blocking all outbound traffic from the 172.16.1.0/24 network.

After correctly placing the IPv4 ACL inbound on the S0/0/1 interface, as shown in Figure 3, devices are able to successfully connect to the server.
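
The misplacement in this example can be caught mechanically by comparing where ACLs are actually applied against where they were meant to be. The following Python sketch is an added example, not part of the original course material. The sample interface output, the IP addresses, the ACL name ANTI-SPOOF, and the inbound direction on G0/0 are constructed assumptions.

```python
import re

# Constructed sample of per-interface ACL status output (not from the page).
# The ACL name ANTI-SPOOF, the addresses, and the inbound direction on
# GigabitEthernet0/0 are assumptions made for illustration.
SAMPLE = """\
GigabitEthernet0/0 is up, line protocol is up
  Internet address is 172.16.1.1/24
  Outgoing access list is not set
  Inbound  access list is ANTI-SPOOF
Serial0/0/1 is up, line protocol is up
  Internet address is 192.168.1.2/30
  Outgoing access list is not set
  Inbound  access list is not set
"""

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is")
ACL_RE = re.compile(r"^\s+(Outgoing|Inbound)\s+access list is (.+?)\s*$")

def parse_acl_bindings(text):
    """Return {(interface, 'in'|'out'): acl_name} for every applied ACL."""
    bindings, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)          # start of a new interface section
            continue
        m = ACL_RE.match(line)
        if m and iface and m.group(2) != "not set":
            direction = "in" if m.group(1) == "Inbound" else "out"
            bindings[(iface, direction)] = m.group(2)
    return bindings

def audit(text, intended):
    """Compare applied ACLs with the intended placement.

    Returns (missing, unexpected): placements that were intended but are
    absent, and placements that exist but were never intended.
    """
    actual = parse_acl_bindings(text)
    missing = sorted(k for k, v in intended.items() if actual.get(k) != v)
    unexpected = sorted(k for k, v in actual.items() if intended.get(k) != v)
    return missing, unexpected

if __name__ == "__main__":
    intended = {("Serial0/0/1", "in"): "ANTI-SPOOF"}
    missing, unexpected = audit(SAMPLE, intended)
    print("not applied where intended:", missing)
    print("applied where not intended:", unexpected)
```

Run against the constructed sample, the audit reports both halves of the fault at once: nothing inbound on Serial0/0/1, and an unintended ACL on GigabitEthernet0/0.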