
ACL (xxx matches) Question???

shane.wesley
Level 1

What exactly does the '1234 matches' mean...???

deny tcp any any eq smtp (171131 matches)

Is this basically saying there were 171131 attempts to use smtp so this is how many times traffic matched this statement and was denied?

Thanks

3 Replies

srue
Level 7

To be more exact, there were 171131 packets that matched on this ACL (assuming other ACEs above it didn't stop a packet that would have matched on this one).

deny icmp any any (21704 matches)

deny tcp any any eq smtp (171131 matches)

deny tcp any any eq nntp

deny tcp any any eq 135

deny tcp any any eq 139 (39 matches)

That's the beginning of this ACL, so are you saying that 21704 matched the deny icmp rule, then 171131 matches that made it past there matched the deny smtp rule...???

Sorry if this is sounding like a dumb question, but just trying to understand exactly what the 'matches' are implying.

It means that there were 21704 packets that matched the first ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.

There were 171131 packets that matched the second ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.

For a packet to be compared to the second ACE, it would be necessary for it NOT to have matched any preceding ACEs.
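
The first-match behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model of the five quoted ACEs with one counter per entry. The sample packets, the port numbers used for smtp and nntp (25 and 119), the implicit-deny tally, and the broad `deny tcp any any` entry in `SHADOWED` are constructed for illustration.

```python
from collections import namedtuple

# One access control entry: protocol, destination port (None = any), display text.
ACE = namedtuple("ACE", "proto dport text")

# The five entries quoted in the thread (smtp = 25, nntp = 119).
ACL = [
    ACE("icmp", None, "deny icmp any any"),
    ACE("tcp", 25, "deny tcp any any eq smtp"),
    ACE("tcp", 119, "deny tcp any any eq nntp"),
    ACE("tcp", 135, "deny tcp any any eq 135"),
    ACE("tcp", 139, "deny tcp any any eq 139"),
]

# Hypothetical variant: a broader entry placed above the specific ones.
SHADOWED = [ACE("tcp", None, "deny tcp any any")] + ACL

def evaluate(acl, packets):
    """Return (per-ACE counters, unmatched count) using first-match semantics."""
    counters = [0] * len(acl)
    unmatched = 0
    for proto, dport in packets:
        for i, ace in enumerate(acl):
            if ace.proto == proto and ace.dport in (None, dport):
                counters[i] += 1
                break  # first match wins; later ACEs never see this packet
        else:
            unmatched += 1  # fell through to the implicit deny, which has no counter line
    return counters, unmatched

def render(acl, counters):
    """Format like the output in the thread: no suffix when an ACE has no hits."""
    return [f"{a.text} ({n} matches)" if n else a.text
            for a, n in zip(acl, counters)]

# Constructed sample traffic: (protocol, destination port).
SAMPLE = ([("icmp", None)] * 3 + [("tcp", 25)] * 5
          + [("tcp", 139)] + [("tcp", 80)] * 2)

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("SHADOWED", SHADOWED)):
        counters, unmatched = evaluate(acl, SAMPLE)
        print(name, *render(acl, counters), f"unmatched: {unmatched}", sep="\n  ")
```

With `SHADOWED`, the smtp and 139 entries show no matches even though the same traffic was sent, because the broader entry above them consumed every TCP packet first.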
