Manualshelf

System information

ManualsBrandsDestination Audio ManualsComputer equipmentCS500C
101102103104105106107108109110
Troubleshooting TCP/IP 7-111
TCP/IP: Host Connections Fail Using Certain Applications
TCP/IP: Host Connections Fail Using Certain Applications
Symptom: Connection attempts using some applications are successful, but attempts using other
applications fail. For instance, you might be able to ping a host successfully, but Telnet connections
fail.
Table 7-6 outlines the problems that might cause this symptom and describes solutions to those
problems.
Table 7-6 TCP/IP: Host Connections Fail Using Certain Applications
Possible Problem Solution
Misconfigured
access lists
or other filters
Step 1 Use the show running-config command to check each router in the path.
See if there are IP access lists configured on the router.
Step 2 If there are IP access lists enabled on the router, disable them using the
appropriate commands. An access list may be filtering traffic from a TCP
or UDP
1
port.
For example, to disable input access list 80, enter the following
command:
C4000(config-if)#no ip access-group 80 in
Step 3
After disabling all the access lists on the router, determine whether the
application in question operates normally.
Step 4 If the application operates normally, an access list is probably blocking
traffic.
Step 5 To isolate the problem list, enable access lists one at a time until the
application no longer functions. Check the problem access list to
determine whether it is filtering traffic from any TCP or UDP ports.
Step 6 If the access list denies specific TCP or UDP ports, make sure that it does
not deny the port used by the application in question (such as TCP port 23
for Telnet).
Enter explicit permit statements for those ports used by applications you
want to have functional. The following commands allow DNS and NTP
2
requests and replies:
access-list 101 permit udp 0.0.0.0 255.255.255.255
0.0.0.0 255.255.255.255 eq 53
access-list 101 permit udp 0.0.0.0 255.255.255.255
0.0.0.0 255.255.255.255 eq 123
1 UDP = User Datagram Protocol
2 NTP = Network Time Protocol
Misconfigured
access lists
or other filters
Step 7 If you altered an access list, enable the list to see whether the application
can still operate normally.
Step 8 If the application operates normally, perform the preceding steps to
isolate any other problem access lists until the application operates
correctly with all access lists enabled.
For more information about misconfigured access lists, see the section
“Misconfigured Access List Example” later in this chapter. For more information
on configuring access lists, see the Cisco IOS configuration guides and command
references.