Debug an ACL

Answered Question
Feb 25th, 2009
User Badges:

Hello,


I've configured an ACL in a BVI interface an now is working as intended. But I would like to know which access-list statement matchs with the traffic flowing through the interface.


I've tried with the "debug ip packet <access-list>" but it doesn't show the traffic denied.


Regards,

Correct Answer by adamclarkuk_2 about 8 years 1 month ago

Try adding a log to the end of the ACL, this should force a punt to the CPU.


debug ip packet only shows process switched traffic.


The other "drastic" measure is to turn off cef, but I dont recommend doing that.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
adamclarkuk_2 Wed, 02/25/2009 - 03:26
User Badges:
  • Silver, 250 points or more

Try adding a log to the end of the ACL, this should force a punt to the CPU.


debug ip packet only shows process switched traffic.


The other "drastic" measure is to turn off cef, but I dont recommend doing that.

cdelafuente31 Wed, 02/25/2009 - 03:55
User Badges:

The ACL does what I want. The problem is the 5 minute interval between statistics.


Thank you very much.

Actions

This Discussion