08-29-2007 12:53 AM - edited 03-05-2019 06:09 PM
Hi to all
I`ve applied below access-list on catalys 6509 switch.
And then I applied
"ip access-group 110 in" to ethernet port.
Acl working is fine. but I`ve not see the any match counter list.
Your help with this would be appreciated.
Regards,
TEST#sh access-lists
ExtendedIP access list 110
10 deny ip any host 1.1.1.1
20 permit ip any any
08-29-2007 12:59 AM
i think if acl drop happens at hardware level this counter wont be incremented.
08-29-2007 01:57 AM
Hi
This is because the acl's are processed in hardware by the PFC so you will not see matches on the acl.
Attached is a link to ACL processing on the 6500 which explains it in a whole more detail.
HTH
Jon
08-29-2007 07:54 PM
Thanks for your comment.
And then
How do I see the acl match counters
on this swithc?
08-29-2007 09:40 PM
Dong, in the same link Jon provided see topic under "Optimized ACL Logging with a PFC3" for a way to accomplish acls hits logs, but unfortunately it seems this feature is supported on platforms with PFC3 plus other restrictions..
Very good link Jon have provided.
Jorge
08-30-2007 04:52 PM
Thank you every one!
I`m gonna set a test.
Thanks again.
08-30-2007 06:51 PM
Dear,
Is there no way to see the match counter list?
I have to check the match counter list..
Somebody help me!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: