Cisco ICND2 – Troubleshoot ACL implementation issues

Some tips when troubleshooting ACLs:

  • Ensure the correct IP addresses and wildcard masks are entered into the ACL
  • Ensure an access-group is applied to an interface
  • If no traffic is permitted, all traffic will be denied, because there is an implicit deny.
  • Access lists are read top to bottom, and processing stops at the first match. So a deny placed earlier in the list may block traffic that a later permit statement was meant to allow. The order of ACL entries is important.
  • Remarks can be added to an ACL to make it easier to read in future, using the command access-list <number> remark "This ACL blocks FTP"
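
The first-match, wildcard-mask and implicit-deny behaviour from the tips above can be checked offline with a small evaluator. This is an added example, not part of the original notes: the ACL text is constructed, the function names are hypothetical, and only the source field of "ip" entries is compared (every destination is assumed to be "any").

```python
import ipaddress

# Constructed sample ACL: the deny on the first rule shadows the host permit below it.
ACL_101 = """\
access-list 101 remark Constructed example
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse(text):
    """Return [(action, network, wildcard, line)]; remark lines are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[2] == "remark":
            continue
        src = tok[4:]  # tok[2] is the action, tok[3] the protocol ("ip")
        if src[0] == "any":
            net, wc = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            net, wc = src[1], "0.0.0.0"
        else:
            net, wc = src[0], src[1]
        entries.append((tok[2], to_int(net), to_int(wc), line))
    return entries

def matches(addr, net, wc):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (addr & ~wc) == (net & ~wc)

def evaluate(entries, source_ip):
    """First match wins; if nothing matches, the implicit deny applies."""
    addr = to_int(source_ip)
    for action, net, wc, line in entries:
        if matches(addr, net, wc):
            return action, line
    return "deny", "implicit deny"

def shadowed(entries):
    """Pairs (entry, earlier entry) where the earlier one covers every source the later one covers."""
    found = []
    for i, (_, net, wc, line) in enumerate(entries):
        for _, pnet, pwc, pline in entries[:i]:
            if (wc & ~pwc) == 0 and matches(net, pnet, pwc):
                found.append((line, pline))
                break
    return found
```

Running shadowed() over an ACL before applying it to an interface flags permit or deny entries that can never be reached because of their position in the list.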