Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
477
Views
9
Helpful
6
Replies

Issue with ACL and ACL rules.

nehakulsum
Level 1
Level 1

‎06-30-2009 02:41 AM - edited ‎03-06-2019 06:31 AM

Hi Experts,

I have question on acl rule entries matches but doesn't affect/increase the match count on the output cmd(show access-list).

Syntax:-

I have acl rule configured as :

Permit ip 20.0.0.0 0.0.255.255 20.16.105.0 0.0.0.255 on my cisco 6500 switch and we are able to access the servers on 20.16.105.x network without any problem and we are happy about this.

Now the problem here is Why am I not able to see this rule hitting on the show access-list cmd? There are lot of users accessing the dst network/servers at the same time but still there is no match under the cmd.

#show access-list

Permit ip 20.0.0.0 0.0.255.255 20.16.105.0 0.0.0.255 ---> (Here i see no matches were as there should be increase count of matches when the traffic flows frm src to dst and vice version for this acl rule.

Is this the bug or anything else?

Any help would be greatly appricated.

Labels:
0 Helpful
6 Replies 6

mahmoodmkl
Level 7
Level 7

‎06-30-2009 02:46 AM

Hi

Probably this is due to the acl entires are hardware processed they are not hitting the CPU.

Thanks

Mahmood

0 Helpful

nehakulsum
Level 1
Level 1
In response to mahmoodmkl

‎06-30-2009 03:03 AM

Yes I agree with you. It is hardware processed but only why this rule is not hitting the matches were as I have other rule were i see the acl entries are getting matches.

Is there any way to findout this?

Thanks in advance.

REgards

Neha

0 Helpful

nehakulsum
Level 1
Level 1
In response to Collin Clark

‎06-30-2009 05:57 AM

Hi collin,

Thanks for the wonderfull link. Can you just tell me how exactly I need to enable on the switch?

Thanks in advance.

Regard

Neha.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to nehakulsum

‎06-30-2009 06:15 AM

You would need to use Process Switching instead of CEF. Please note the second sentence in the link above.Unfortunately, ACL logging can be CPU intensive and can negatively affect other functions of the network device. Process switching may or may not be available, depending on the platform of your device. I highly recommend you do NOT enable process switching.

http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdovips.html

nehakulsum
Level 1
Level 1
In response to Collin Clark

‎06-30-2009 06:33 AM

HI collin,

Thanks a ton this is what I was looking it for.

Appriciate for your time and solution provided.

Regards,

Neha.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card