Access list troubleshooting
Troubleshoot access lists Cisco routers
Case:- All of the routers are advertising all of its local subnets using EIGRP 100. Access-list is applied on e0/0 interface of Router R2 in inside direction. EIGRP neighborship is working fine. Problem is that Ping does not work from Router R1 console to 22.214.171.124. While it works well for 126.96.36.199 & 188.8.131.52
ip address 10.1.1.2 255.255.255.252
ip access-group TEST in
R2#sh ip access-lists TEST
Extended IP access list TEST
10 permit ip host 10.1.1.1 184.108.40.206 0.0.0.25 (5 matches)
20 permit eigrp any any (1149 matches)
30 permit ip host 10.1.1.1 220.127.116.11 0.0.0.255 (15 matches)
40 permit ip host 10.1.1.1 18.104.22.168 0.0.0.255 (25 matches)
Solution:- Since it has been mentioned the ping works for other Loopback IPs from Router R1 console- means that routing is okay till R3. We need to try and ping 22.214.171.124 from Router R2 and see if it works.
Since it is stated that access-list is applied on interface e0/0 of Router R2 so we should analyze it.
If we look closely in the acl- we’d notice that the wildcard mask is incorrect. It should have been 0.0.0.255 instead of 0.0.0.25 in sequence no. 10.
So single digit missing is causing this. Also , before coming to the conclusion, we also need to verify the routing table for 126.96.36.199 subnet. And also run Traceroute for the destination IP.