05-12-2008 05:20 AM - edited 02-20-2020 09:40 PM
What exactly does the '1234 matches' mean...???
deny tcp any any eq smtp (171131 matches)
Is this basically saying there were 171131 attempts to use smtp so this is how many times traffic matched this statement and was denied?
Thanks
05-12-2008 06:08 AM
to be more exact, there were 171131 packets that matched on this ACL (assuming other ACE's above it didn't stop a packet that would have matched on this one).
05-12-2008 08:39 AM
deny icmp any any (21704 matches)
deny tcp any any eq smtp (171131 matches)
deny tcp any any eq nntp
deny tcp any any eq 135
deny tcp any any eq 139 (39 matches)
That's the beginning of this ACL, so are you saying that 21704 matched the deny icmp rule, then 171131 matches that made it past there matched the deny smtp rule...???
Sorry if this is sounding like a dumb question, but just trying to understand exactly what the 'matches' are implying.
05-23-2008 05:27 PM
It means that there were 21704 packets that matched the first ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.
There were 171131 packets that matched the second ACE, and were dropped without being compared to any of the remaining ACEs in the ACL.
For a packet to be compared to the second ACE, it would be necessary for it NOT to have matched any preceding ACEs.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: