Debug an ACL

Answered Question
Feb 25th, 2009

Hello,

I've configured an ACL in a BVI interface and now it is working as intended. But I would like to know which access-list statement matches the traffic flowing through the interface.

I've tried with the "debug ip packet <access-list>" but it doesn't show the traffic denied.

Regards,

Correct Answer
adamclarkuk_2 Wed, 02/25/2009 - 03:26

Try adding a log to the end of the ACL; this should force a punt to the CPU.

debug ip packet only shows process-switched traffic.

The other "drastic" measure is to turn off CEF, but I don't recommend doing that.

cdelafuente31 Wed, 02/25/2009 - 03:55

The ACL does what I want. The problem is the 5 minute interval between statistics.

Thank you very much.
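An added example, not part of the original thread: once ACL entries carry the log keyword, the router emits a message on a flow's first hit and then periodic updates carrying an aggregated packet count, so per-flow totals have to be summed across messages. The log lines below are constructed in the classic IOS %SEC-6-IPACCESSLOGP format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (classic IOS %SEC-6-IPACCESSLOGP format).
# The first hit of a flow is logged at once; later hits arrive as an
# aggregated count on the periodic update.
SAMPLE_LOG = """\
*Feb 25 03:30:01.123: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.10(51514) -> 198.51.100.5(23), 1 packet
*Feb 25 03:30:04.456: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 192.0.2.20(40022) -> 198.51.100.5(443), 1 packet
*Feb 25 03:35:01.789: %SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.10(51514) -> 198.51.100.5(23), 14 packets
*Feb 25 03:35:09.002: %SEC-6-IPACCESSLOGP: list 110 denied udp 192.0.2.30(5353) -> 198.51.100.9(161), 1 packet
*Feb 25 03:35:10.000: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def tally_acl_hits(log_text):
    """Sum logged packet counts per (acl, action, proto, src, dst, dport)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ACL log message
        key = (m["acl"], m["action"], m["proto"],
               m["src"], m["dst"], int(m["dport"]))
        totals[key] += int(m["count"])
    return totals

def denied_flows(log_text):
    """Return denied flows with their packet totals, busiest first."""
    rows = [(k, n) for k, n in tally_acl_hits(log_text).items()
            if k[1] == "denied"]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for (acl, action, proto, src, dst, dport), n in denied_flows(SAMPLE_LOG):
        print(f"list {acl} {action} {proto} {src} -> {dst}:{dport}  {n} packets")
```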
