Access-list troubleshooting

Projects-8 access-list troubleshooting

Case:- All of the routers are advertising all of its local subnets using EIGRP 100.  Access-list is applied on e0/0 interface of Router R2 in inside direction. EIGRP neighborship is working fine. Problem is that Ping does not work from Router R1 console to 200.1.1.10. While it works well for 210.1.1.10 & 100.1.1.10

interface Ethernet0/0

 ip address 10.1.1.2 255.255.255.252

 ip access-group TEST in

 

R2#sh ip access-lists TEST

Extended IP access list TEST

10 permit ip host 10.1.1.1 200.1.1.0 0.0.0.25 (5 matches)

20 permit eigrp any any (1149 matches)

30 permit ip host 10.1.1.1 100.1.1.0 0.0.0.255 (15 matches)

40 permit ip host 10.1.1.1 210.1.1.0 0.0.0.255 (25 matches)

Solution:-  Since it has been mentioned the ping works for other Loopback IPs from Router R1 console- means that routing is okay till R3. We need to try and ping 200.1.1.10 from Router R2 and see if it works.

Since it is stated that access-list is applied on interface e0/0 of Router R2 so we should analyze it.

If we look closely in the acl- we’d notice that the wildcard mask is incorrect. It should have been 0.0.0.255 instead of 0.0.0.25 in sequence no. 10.

So single digit missing is causing this. Also , before coming to the conclusion, we also need to verify the routing table for 210.1.1.0 subnet. And also run Traceroute for the destination IP.

Sitewide-15dollars640x480

Facebook Comments

Leave a Reply

Your email address will not be published. Required fields are marked *