08-29-2007 12:53 AM - edited 03-05-2019 06:09 PM
Hi to all
I`ve applied below access-list on catalys 6509 switch.
And then I applied
"ip access-group 110 in" to ethernet port.
Acl working is fine. but I`ve not see the any match counter list.
Your help with this would be appreciated.
Regards,
TEST#sh access-lists
ExtendedIP access list 110
10 deny ip any host 1.1.1.1
20 permit ip any any
08-29-2007 12:59 AM
i think if acl drop happens at hardware level this counter wont be incremented.
08-29-2007 01:57 AM
Hi
This is because the acl's are processed in hardware by the PFC so you will not see matches on the acl.
Attached is a link to ACL processing on the 6500 which explains it in a whole more detail.
HTH
Jon
08-29-2007 07:54 PM
Thanks for your comment.
And then
How do I see the acl match counters
on this swithc?
08-29-2007 09:40 PM
Dong, in the same link Jon provided see topic under "Optimized ACL Logging with a PFC3" for a way to accomplish acls hits logs, but unfortunately it seems this feature is supported on platforms with PFC3 plus other restrictions..
Very good link Jon have provided.
Jorge
08-30-2007 04:52 PM
Thank you every one!
I`m gonna set a test.
Thanks again.
08-30-2007 06:51 PM
Dear,
Is there no way to see the match counter list?
I have to check the match counter list..
Somebody help me!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide