How to Troubleshoot and Resolve ACL issues

Certification: Cisco CCNA Routing and Switching - Cisco Certified Network Associate Routing and Switching

ACL stands for Access Control List. The primary purpose of an ACL is to filter the traffic passing through a device. The device uses the ACL to determine which data packets are permitted and which are restricted. The ACL holds all the information regarding the data packets which have to be permitted. Based on the address information in each data packet, the device consults the ACL to decide whether the packet is allowed over the network or not. There are basically two kinds of filtering used in ACLs: IP ACLs and MAC ACLs. IP ACLs allow data packets to be transmitted based on the IP addresses from which they are sent or to which they are being sent. Similarly, MAC ACLs apply to the MAC addresses of devices in a network.

Even though this process is essential to the flow of data, certain issues can make the traffic behave unusually. Because of these problems, required data packets might be restricted, or important ones could be transmitted over the network, leading to leakage of important information. It is therefore very important to have ways to troubleshoot and resolve these issues. Below you will find various ways in which you can identify and troubleshoot these problems.

Identifying Interfaces having ACLs

Whenever you experience issues with your network and you suspect they are related to ACLs, this is the first step you should perform. Check all the router configurations to see whether ACLs have been applied on them or not. It might be that you are not using ACLs at all in your network, in which case there is no point going through these steps. However, if you find that ACLs are being used, you should find out on which interfaces they are applied. This is important because it tells you where to focus your attention. There are a number of commands which give you access to this information.

You can use the command “show ip interface” to get information regarding the ACLs which have been configured on the network. You will get a complete summary of the number of ACLs and where they are configured. In addition to this, you can also use the “show run” command to see the interfaces on which an ACL has been configured.
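The interface check described above can be scripted against saved “show run” output. The following is an added example, not part of the original guide: the configuration excerpt is constructed sample data, and the function names are hypothetical. It lists each interface with an `ip access-group` binding and flags bindings that reference an ACL the configuration never defines.

```python
import re

# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 110 in
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip access-group WEB-OUT out
!
interface GigabitEthernet0/2
 ip address 203.0.113.1 255.255.255.0
!
access-list 110 permit tcp any host 192.0.2.10 eq 443
access-list 110 deny ip any any
"""

def acl_bindings(config):
    """Return [(interface, acl, direction)] for every 'ip access-group' line."""
    bindings, current = [], None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)          # entering an interface stanza
            continue
        if not line.startswith(" "):
            current = None                # unindented line: stanza has ended
            continue
        m = re.match(r"\s+ip access-group\s+(\S+)\s+(in|out)\b", line)
        if m and current:
            bindings.append((current, m.group(1), m.group(2)))
    return bindings

def defined_acls(config):
    """ACL numbers/names defined by 'access-list N' or 'ip access-list TYPE NAME'."""
    pattern = r"(?:ip access-list\s+(?:standard|extended)|access-list)\s+(\S+)"
    names = set()
    for line in config.splitlines():
        m = re.match(pattern, line)
        if m:
            names.add(m.group(1))
    return names

def undefined_references(config):
    """Bindings whose ACL is applied to an interface but never defined."""
    known = defined_acls(config)
    return [b for b in acl_bindings(config) if b[1] not in known]
```

On the sample, GigabitEthernet0/2 has no ACL and can be ruled out, while the WEB-OUT binding on GigabitEthernet0/1 points at an ACL that does not exist in the configuration and deserves a closer look.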

Identify the ACL creating issues

Once you have identified the interfaces, the next step is to figure out which ACL has the issues that have led to problems in the network. This is important because you cannot solve the issue unless you know the root of the problem. Once you have identified which ACL is experiencing problems, you will be able to carry out the further tasks to eliminate the problem. There are certain commands which you can use to get information about the ACLs and see which ones are causing problems.

You can use the command “show access-list summary” to get all the information regarding the ACLs. You will get details which will enable you to judge where the problem is. You can also use “show ip access-list summary” in this regard if IP ACLs have been applied on the devices in the network.

However, before we look at the process of troubleshooting, there are certain facts which you should keep in mind to be able to resolve the issue. ACLs are applied in a network according to first-match logic. This means that the ACL which has been assigned first will handle the requests first. For example, ACL 8 will be processed before ACL 9 because it has been assigned first. This ordering makes it easier to figure out where the actual problem lies.

Analyzing the ACLs

Once you have identified the specific ACL causing issues, you have to analyze it in depth to find the root of the problem. To do this, identify the traffic which is being sent through it. The traffic could be ICMP, UDP or TCP. Once you have identified the traffic, the next thing to do is to find out what could be altering the traffic and making it behave in an unusual manner. If this traffic is not being transmitted properly because the ACL is not functioning correctly, you need to adjust the rules of the ACL and make sure that the settings are correct.
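To see which rule is acting on a given ICMP, UDP or TCP flow, the entries of a single ACL can be evaluated top-down with first-match logic, ending in the implicit deny. The following is an added example, not part of the original guide: the ACL is constructed sample data, the function names are hypothetical, and the parser assumes a small subset of extended-ACL syntax (`any`, `host A`, `A WILDCARD`, and an optional destination `eq PORT`).

```python
import ipaddress

# Constructed extended ACL (sample data): the broad deny sits above the permit.
SAMPLE_ACL = [
    "deny ip 10.1.1.0 0.0.0.255 any",
    "permit tcp 10.1.1.0 0.0.0.255 host 192.0.2.10 eq 443",
    "permit icmp any any",
]

def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) as ints."""
    t = tokens.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(line):
    """Split one entry into (action, protocol, source, destination, dest port)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr(tokens), _addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _ip_match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF   # wildcard bit 0 means "this bit must match"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def first_match(acl_lines, proto, src, dst, dport=None):
    """Return (entry_number, action, text) of the first entry matching the packet."""
    for n, line in enumerate(acl_lines, 1):
        action, e_proto, e_src, e_dst, e_port = parse_entry(line)
        if e_proto not in ("ip", proto):
            continue
        if not (_ip_match(src, e_src) and _ip_match(dst, e_dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return n, action, line
    return None, "deny", "implicit deny (no entry matched)"
```

For HTTPS traffic from 10.1.1.5 to 192.0.2.10, the evaluator returns entry 1 (the deny), which shows that the permit in entry 2 is shadowed and can never match; reordering the entries is the rule adjustment this step calls for.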

Taking the Final step

Once you have gone through all of the processes to identify the root of the problem, it is time to take the final step and eliminate the issue. At this point, there are two paths you could take. Firstly, you can reconfigure the ACL that was either denying the traffic or transmitting unusual traffic. This reconfiguration should enable it to work correctly. You can then check the network to see if it is working fine. However, in case you cannot get to the root of the problem, there is another thing you can do: you can remove the ACL that was causing issues. Of course, you would do this only when a small number of ACLs are at fault. Removing the faulty ACL would ensure that the network starts working properly again. Finally, check the network again to see if it is working properly. If the problem is still not resolved after performing all of these steps, you should consider starting over from the beginning.
