ACL (xxx matches) Question???

Unanswered Question
May 12th, 2008

What exactly does the '1234 matches' mean...???

deny tcp any any eq smtp (171131 matches)

Is this basically saying there were 171131 attempts to use smtp so this is how many times traffic matched this statement and was denied?

Thanks

srue Mon, 05/12/2008 - 06:08

To be more exact, there were 171131 packets that matched on this ACL (assuming other ACEs above it didn't stop a packet that would have matched on this one).

shane.wesley Mon, 05/12/2008 - 08:39

deny icmp any any (21704 matches)

deny tcp any any eq smtp (171131 matches)

deny tcp any any eq nntp

deny tcp any any eq 135

deny tcp any any eq 139 (39 matches)

That's the beginning of this ACL, so are you saying that 21704 matched the deny icmp rule, then 171131 matches that made it past there matched the deny smtp rule...???

Sorry if this is sounding like a dumb question, but just trying to understand exactly what the 'matches' are implying.

michael.leblanc Fri, 05/23/2008 - 17:27

It means that there were 21704 packets that matched the first ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.

There were 171131 packets that matched the second ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.

For a packet to be compared to the second ACE, it would be necessary for it NOT to have matched any preceding ACEs.
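
The first-match counting described in the replies above, as an added example that is not part of the original thread: a simplified Python model of the quoted ACL in which each packet increments only the counter of the first ACE it matches. The final `permit ip any any` line, the port-name table and the traffic sample are constructed for illustration.

```python
# Added example: first-match ACL evaluation with per-ACE match counters.
# Simplified model: "any any" addresses and an optional "eq <port>" only.
PORTS = {"smtp": 25, "nntp": 119}  # port names used in the quoted ACL

ACL_TEXT = """\
deny icmp any any
deny tcp any any eq smtp
deny tcp any any eq nntp
deny tcp any any eq 135
deny tcp any any eq 139
permit ip any any
"""  # last ACE is constructed; the thread shows only the first five

def parse_acl(text):
    """Turn each ACE line into a dict with its own match counter."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        port = None
        if "eq" in tok:
            name = tok[tok.index("eq") + 1]
            port = PORTS.get(name) or int(name)
        aces.append({"text": line, "action": tok[0], "proto": tok[1],
                     "port": port, "matches": 0})
    return aces

def evaluate(aces, proto, dport=None):
    """Return the action of the first matching ACE and count the hit there.
    Later ACEs are never compared, so their counters do not change."""
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        ace["matches"] += 1
        return ace["action"]
    return "deny"  # implicit deny at the end of every ACL

def run(packets):
    aces = parse_acl(ACL_TEXT)
    actions = [evaluate(aces, *p) for p in packets]
    return aces, actions

if __name__ == "__main__":
    # Constructed traffic sample: (protocol, destination port)
    sample = [("icmp", None)] * 3 + [("tcp", 25)] * 5 + [("tcp", 139), ("tcp", 443)]
    for ace in run(sample)[0]:
        print(f'{ace["text"]} ({ace["matches"]} matches)')
```

The counters for the `nntp` and `135` entries stay at zero because no packet in the sample reaches them with a matching port, which is also why those ACEs show no match count in the output quoted in the thread.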
