How to tell if interesting traffic is being blocked or allowed by an ACL

Solved
NetNut


Is there a way to know if traffic is being blocked by an ACL, perhaps in an event log or something? I have a customer who could not get to a site, and it turns out there was an ACL on the switch that I did not know about. I would have hoped there was some type of monitoring tool or something that I could have referred to, reporting 'traffic dropped', based on the visibility that is supposed to exist, but I could not find anything.

1 Accepted Solution
GIdenJoe

Meraki does have great visibility into your network, but a switch ACL remains a switch ACL, which is stateless. If your switch had to log every packet, you might as well use a stateful firewall to route your inter-VLAN traffic. But then you would have to scale that firewall according to all the traffic passing through it.

The only drawback is that you don't have packet counters like you can have on more powerful switches.

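Since the switch itself will not tell you which rule a flow hit, the practical way to answer "is my interesting traffic blocked?" is to evaluate the ACL offline against the flow. The script below is an added example, not code from this thread or from Meraki. It assumes top-down, first-match evaluation and a trailing allow-all default rule (pass default_policy="deny" to model an implicit deny), and its rule dictionaries mirror the fields a switch ACL entry shows in the dashboard (policy, ipVersion, protocol, srcCidr, srcPort, dstCidr, dstPort, vlan); the rules and addresses themselves are constructed for the example, and the port syntax accepted by _port_match is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample ACL. The field names (policy, ipVersion, protocol,
# srcCidr, srcPort, dstCidr, dstPort, vlan, comment) mirror what the dashboard
# shows per switch-ACL entry; the values are made up for this example.
SAMPLE_ACL = [
    {"comment": "Guest VLAN may not reach the server VLAN", "policy": "deny",
     "ipVersion": "ipv4", "protocol": "any",
     "srcCidr": "10.20.0.0/16", "srcPort": "any",
     "dstCidr": "10.1.0.0/24", "dstPort": "any", "vlan": "any"},
    {"comment": "Staff may query the internal resolver", "policy": "allow",
     "ipVersion": "ipv4", "protocol": "udp",
     "srcCidr": "10.30.0.0/16", "srcPort": "any",
     "dstCidr": "10.1.0.53/32", "dstPort": "53", "vlan": "any"},
    {"comment": "Nobody else talks HTTPS to the resolver", "policy": "deny",
     "ipVersion": "ipv4", "protocol": "tcp",
     "srcCidr": "any", "srcPort": "any",
     "dstCidr": "10.1.0.53/32", "dstPort": "443", "vlan": "any"},
]


@dataclass(frozen=True)
class Flow:
    """One direction of the 'interesting traffic' you want to check."""
    src: str
    dst: str
    protocol: str                 # "tcp", "udp", "icmp", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    vlan: Optional[int] = None    # VLAN the packet is seen on, if known


def _cidr_match(cidr: str, addr: str) -> bool:
    if cidr == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _port_match(spec: str, port: Optional[int]) -> bool:
    """Assumed port syntax: 'any', a single port, a range 'a-b', or a comma list."""
    if spec == "any":
        return True
    if port is None:              # a protocol without ports cannot match a port rule
        return False
    for part in str(spec).split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def rule_matches(rule: dict, flow: Flow) -> bool:
    """True when every field of the rule matches the flow ('any' matches all)."""
    ver = rule.get("ipVersion", "any")
    if ver != "any":
        flow_ver = "ipv4" if ipaddress.ip_address(flow.src).version == 4 else "ipv6"
        if ver != flow_ver:
            return False
    proto = rule.get("protocol", "any")
    if proto != "any" and proto.lower() != flow.protocol.lower():
        return False
    vlan = rule.get("vlan", "any")
    if vlan != "any" and (flow.vlan is None or int(vlan) != flow.vlan):
        return False
    return (_cidr_match(rule["srcCidr"], flow.src)
            and _cidr_match(rule["dstCidr"], flow.dst)
            and _port_match(rule["srcPort"], flow.src_port)
            and _port_match(rule["dstPort"], flow.dst_port))


def evaluate(acl: list, flow: Flow, default_policy: str = "allow") -> Tuple[str, Optional[int], str]:
    """Walk the ACL top-down; first match wins (assumed switch semantics).

    Returns (policy, rule index or None for the default rule, rule comment).
    default_policy="allow" models a trailing allow-all rule; pass "deny" to
    model a list that ends in an implicit deny.
    """
    for idx, rule in enumerate(acl):
        if rule_matches(rule, flow):
            return rule["policy"], idx, rule.get("comment", "")
    return default_policy, None, "default rule"


def explain(acl: list, flow: Flow) -> str:
    """Human-readable verdict, e.g. to paste into a ticket."""
    policy, idx, comment = evaluate(acl, flow)
    where = "default rule" if idx is None else f"rule #{idx + 1} ({comment})"
    return (f"{flow.src}:{flow.src_port} -> {flow.dst}:{flow.dst_port}/{flow.protocol}: "
            f"{policy.upper()} by {where}")


if __name__ == "__main__":
    # The complaint from the thread, modelled as a guest host trying to reach
    # a server: the first rule denies it, which is the answer you were after.
    print(explain(SAMPLE_ACL, Flow("10.20.5.7", "10.1.0.10", "tcp", 51022, 443, vlan=20)))
    print(explain(SAMPLE_ACL, Flow("10.30.1.5", "10.1.0.53", "udp", 51000, 53)))
    print(explain(SAMPLE_ACL, Flow("10.30.1.5", "10.1.0.53", "tcp", 51001, 443)))
    print(explain(SAMPLE_ACL, Flow("10.30.1.5", "10.1.0.20", "tcp", 51002, 22)))
```

Because the evaluation is first-match, the rule index that comes back is also the quickest way to spot a rule that is shadowed by an earlier one: if the rule you expected never shows up in the verdict for the flows it was written for, something above it is matching first.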

3 Replies
DarrenOC

Hi @NetNut, it would be worth exporting your logs to a syslog server. This would capture all data and give you something to refer to when troubleshooting.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

NetNut

DarrenOC, GIdenJoe,

Got it, both make sense. Thanks.
