About access-list match counter.

Unanswered Question
Aug 29th, 2007

Hi to all


I've applied the access list below on a Catalyst 6509 switch.

And then I applied "ip access-group 110 in" to an Ethernet port.


The ACL is working fine, but I do not see any match counters listed.


Your help with this would be appreciated.


Regards,






TEST#sh access-lists
Extended IP access list 110
    10 deny ip any host 1.1.1.1
    20 permit ip any any



nambi_gct Wed, 08/29/2007 - 00:59

I think if the ACL drop happens at the hardware level, this counter won't be incremented.

Jon Marshall Wed, 08/29/2007 - 01:57

Hi


This is because the ACLs are processed in hardware by the PFC, so you will not see matches on the ACL.


Attached is a link to ACL processing on the 6500 which explains it in a whole lot more detail.


http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801609f6.html#wp1033602


HTH


Jon

moksu_0312 Wed, 08/29/2007 - 19:54

Thanks for your comment.


And then, how do I see the ACL match counters on this switch?

JORGE RODRIGUEZ Wed, 08/29/2007 - 21:40

Dong, in the same link Jon provided, see the topic under "Optimized ACL Logging with a PFC3" for a way to accomplish ACL hit logs, but unfortunately it seems this feature is supported on platforms with PFC3, plus other restrictions.


Very good link Jon has provided.


Jorge

moksu_0312 Thu, 08/30/2007 - 16:52

Thank you, everyone!


I'm gonna set up a test.


Thanks again.

moksu_0312 Thu, 08/30/2007 - 18:51

Dear,


Is there no way to see the match counter list?


I have to check the match counter list.


Somebody help me!
