We have an extended ACL on a 6509 running IOS ver 12.2(17r)S2, RELEASE SOFTWARE (fc1)
I have added the following line:
1320 permit udp host 172.18.6.0 0.0.0.250 172.16.1.5 eq syslog
This is working, as I am now getting syslog messages on the 172.16.1.5 box, but I wanted to tidy up the rest of the access list and remove rules that are not used. To do this I was going to look at which rules are not showing any matches, but hardly any of them are, including this new one (although some are).
It must be hitting this rule, as when I remove it I no longer get syslogs, so it's not hitting another rule higher up.
I tried to use the Cisco bug toolkit but this version of the IOS doesn't show up on there? Is this likely to be an IOS bug or something I'm doing wrong?
Thanks for any help.
The reason you are not seeing any matches when you look at the access-list is because access-list entries that are processed in hardware by the PFC (Policy Feature Card) do not increment the match count.
If the access-list entry was processed in software, and this can happen, then you would see it in the match count.
See this link for full details on what is processed in hardware and software regarding ACLs.
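As an added illustration (not code from the post or from Cisco), the following Python models first-match evaluation of an extended ACL with IOS wildcard masks, using the posted entry 1320 read as source 172.18.6.0 wildcard 0.0.0.250, destination host 172.16.1.5, UDP/514, alongside a hypothetical entry 100 for SSH. The hit counter it keeps is what a software forwarding path would record; as the answer explains, PFC hardware-switched hits never reach the real counter, so a zero there is not evidence that an entry is unused.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    proto: str             # "udp", "tcp" or "ip" (any protocol)
    src: str
    src_wc: str            # "host x" is x with wildcard 0.0.0.0; "any" is 0.0.0.0 255.255.255.255
    dst: str
    dst_wc: str
    dport: Optional[int] = None
    matches: int = 0       # the counter a software forwarding path would keep

    def hits(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return (wildcard_match(src, self.src, self.src_wc)
                and wildcard_match(dst, self.dst, self.dst_wc))

def evaluate(acl: List[Ace], proto: str, src: str, dst: str, dport: int) -> Tuple[str, Optional[int]]:
    """First matching entry wins; the implicit deny at the end has no sequence number."""
    for ace in acl:
        if ace.hits(proto, src, dst, dport):
            ace.matches += 1
            return ace.action, ace.seq
    return "deny", None

def zero_match_entries(acl: List[Ace]) -> List[int]:
    """Entries with no recorded hits. On a PFC-switched 6500 this is NOT a list of
    unused entries: hardware-forwarded packets never reach the counter."""
    return [ace.seq for ace in acl if ace.matches == 0]

# Constructed ACL: a hypothetical SSH entry plus the syslog entry from the post
# (read as source 172.18.6.0 wildcard 0.0.0.250, destination host 172.16.1.5, UDP/514).
ACL = [
    Ace(100, "permit", "tcp", "0.0.0.0", "255.255.255.255", "172.16.1.5", "0.0.0.0", 22),
    Ace(1320, "permit", "udp", "172.18.6.0", "0.0.0.250", "172.16.1.5", "0.0.0.0", 514),
]
```

Because 0.0.0.250 is 11111010 in binary, only host bits 0 and 2 have to equal those of .0, so 172.18.6.2 and 172.18.6.8 match entry 1320 while 172.18.6.1 and 172.18.6.5 fall through to the implicit deny.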