Troubleshooting guide
10-47
ATM and Layer 3 Switch Router Troubleshooting Guide
OL-1969-01
Chapter 10 Troubleshooting Ethernet, ATM Uplink, and POS Uplink Interfaces
Troubleshooting ACL Daughter Card
The ACL daughter card allows you to create lists for network control and security that filter packet flow
into or out of router interfaces.
Packet Flow through ACL Daughter Card
Following is a description of the packet flow through an ACL daughter card:
Step 1 Ethernet processor interface receives the packet.
Step 2 The appropriate information (for example, IP addresses, protocol, and port numbers) is extracted from
the packet.
Step 3 The information described in Step 2 is passed to Access List Controller.
Step 4 The Access List Controller creates the ACL word for the ciscoCAM (132 bits).
Step 5 The ciscoCAM and associated RAM returns the access or deny bit and an index.
Step 6 The Ethernet processor interface accepts (forwards) or denies (drops) the packet.
Displaying ACL Daughter Card Configurations
To display the ACL daughter card interface module configuration, use the following commands:
Troubleshooting the ACL Daughter Cards
Follow these steps to troubleshoot the status of an ACL daughter card:
Step 1 Use the show running-config interface command to check the interface status and the access group
enabled on the interface.
Switch# show running-config interface fastEthernet 11/0/0
Building configuration...
Current configuration:
!
interface FastEthernet11/0/0
ip address 20.0.11.1 255.255.255.0
ip access-group 110 in
no ip directed-broadcast
end
This interface has access group 110 enabled.
Command Purpose
show running-config interface {fastethernet |
gigabitethernet} card/subcard/port
Displays the interface access list group
configuration.
show access-lists {list-name | list-name} Displays the access list configuration.
show epc acl lookup {in | out | ipqos}
{fastethernet | gigabitethernet}
card/subcard/port {protocol}source-address
destination-address
Displays the ACL daughter card function.