Operation not permitted

Symptom

The switch displays an operation not permitted message when a user attempts to send a ping request.

Example:

switch# ping 100.1.2.10
PING 100.1.2.10 (100.1.2.10) 100(128) bytes of data
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted


--- 100.1.2.10 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms

Cause

When an ACL is applied to the Control Plane, sending a ping request may be denied. If the ping packet matches a drop entry in the ACL, applying a Control Plane may block traffic sent from the switch CLI ping command.

When this situation occurs, the following error message is displayed: ping: sendmsg: Operation not permitted. The message indicates that the ICMP echo request packet has not been sent and is blocked by the Control Plane ACL.

When this message is not displayed, the ping request packet has been sent correctly. A ping failure in this case represents a failure to receive the ICMP echo reply packet.

NOTE:

This message may also be displayed on 8400/8320/8325 series switches when an egress ACL is applied and is blocking the ping.

Action

  1. Modify the ACL to allow the ping traffic.

  2. Unapply the ACL from egress (8400/8320/8325 switches) or Control Plane.

  3. Ping a destination which is not matched by the ACL. For example, if the ACL is blocking traffic based on destination IP. Depending on the ACL content, this might not always be possible like when the ACL blocks all ICMP packets.