1 Reply Latest reply: Apr 25, 2012 6:36 PM by Paul Stewart - CCIE Security

    dirty filtering

    Sampath Weerasinghe - CCIE

      Hi guys,


      In my topology, FTP packets from R1 to R20 are not getting through (there are 19 routers between R1 and R20).

      If it was an ICMP packet not getting through, I could do a debug ip icmp on R1 and I can catch the administratively prohibited message if an "ip access-group" has been placed somewhere. This is the quickest way to find the fault-point.


      But for other protocols like FTP there is not an equivalent command, so quickly finding the spot where "ip access-group" is configured becomes time consuming.


      Curious as to how others approach this sort of issue...