
About access-list match counter.

moksu_0312
Level 1

Hi to all

I've applied the access-list below on a Catalyst 6509 switch.

And then I applied

"ip access-group 110 in" to ethernet port.

The ACL is working fine, but I do not see any match counter list.

Your help with this would be appreciated.

Regards,

TEST#sh access-lists
Extended IP access list 110
    10 deny ip any host 1.1.1.1
    20 permit ip any any


nambi_gct
Level 1

I think if the ACL drop happens at hardware level this counter won't be incremented.

Jon Marshall
Hall of Fame

Hi

This is because the ACLs are processed in hardware by the PFC, so you will not see matches on the ACL.

Attached is a link to ACL processing on the 6500 which explains it in a whole lot more detail.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801609f6.html#wp1033602

HTH

Jon

Thanks for your comment.

And then, how do I see the ACL match counters on this switch?

Dong, in the same link Jon provided, see the topic under "Optimized ACL Logging with a PFC3" for a way to accomplish ACL hit logs, but unfortunately it seems this feature is supported on platforms with PFC3 plus other restrictions.

Very good link Jon has provided.

Jorge

Jorge Rodriguez

Thank you everyone!

I'm gonna set up a test.

Thanks again.

Dear,

Is there no way to see the match counter list?

I have to check the match counter list.

Somebody help me!
