Operation not permitted

Symptom

The switch displays an "operation not permitted" message when a user attempts to send a ping request.

Example: 

switch# ping 100.1.2.10
PING 100.1.2.10 (100.1.2.10) 100(128) bytes of data
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted


--- 100.1.2.10 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms
Cause

When an ACL is applied on egress or an ACL is applied to the Control Plane, sending a ping request may be denied. If the ping packet matches a drop entry in the ACL, applying an egress ACL may block traffic sent from the switch CLI ping command.

When this situation occurs, the following error message is displayed: ping: sendmsg: Operation not permitted. The message indicates that the ICMP echo request packet has not been sent and is blocked by an egress ACL.

When this message is not displayed, the ping request packet has been sent correctly. A ping failure in this case represents a failure to receive the ICMP echo reply packet.

Action
  1. Modify the ACL to allow the ping traffic.
  2. Unapply the ACL from egress.
  3. Ping a destination which is not matched by the ACL. For example, if the ACL is blocking traffic based on destination IP. Depending on the ACL content, this might not always be possible like when the ACL blocks all ICMP packets.