Debug Command For Sequence Number on ACL

Unanswered Question
Nov 5th, 2009

Is there a way to run the debug command to see what is happening on a specific sequence number within an ACL?

So for example if I have:

Extended IP access list 101

301 permit udp any eq ntp host 10.251.1.1 (12 matches)

310 permit udp host 10.214.1.2 host 10.251.1.3

320 permit tcp 10.0.0.0 0.255.255.255 host 10.251.134.81 eq www (12 matches)

I want to run a debug on sequence number 310 and that is it. So I can see the type of traffic and stuff hitting this specific sequence number of ACL 106

andrewswanson Thu, 11/05/2009 - 14:56

Try changing the ACL line to:

310 permit udp host 10.214.1.2 host 10.251.1.3 log

Add the global config command 'logging buffered' and you can view the traffic hitting the logged ACL line by using the command:

show log

hth

andy
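
One way to summarize the entries that the `log` keyword produces in `show log`, as an added example that is not part of the original replies. It assumes the standard IOS `%SEC-6-IPACCESSLOGP` message layout, which names the list but not the sequence number, so the entry is isolated by its source and destination hosts; the log lines are constructed samples.

```python
import re
from collections import Counter

# Constructed sample of `show log` output (not taken from the thread).
SAMPLE_LOG = """\
*Nov  5 15:01:12.345: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.214.1.2(123) -> 10.251.1.3(123), 1 packet
*Nov  5 15:06:12.901: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.214.1.2(123) -> 10.251.1.3(123), 4 packets
*Nov  5 15:06:40.002: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.214.1.2(49152) -> 10.251.1.3(514), 2 packets
*Nov  5 15:07:01.100: %SEC-6-IPACCESSLOGP: list 102 denied tcp 192.0.2.7(40000) -> 10.251.1.3(23), 1 packet
*Nov  5 15:07:05.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""

# Assumed message layout: list <acl> <action> <proto> src(sport) -> dst(dport), N packet(s)
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def summarize(log_text, acl, src, dst):
    """Total packets per (proto, sport, dport) for one ACL and host pair."""
    flows = Counter()
    for line in log_text.splitlines():
        m = ACL_LOG.search(line)
        if not m or m["acl"] != acl:
            continue  # not an ACL log line, or a different list
        if m["src"] != src or m["dst"] != dst:
            continue  # a different logged entry in the same list
        # Later messages for the same flow carry the packets seen since the
        # previous message, so the counts are summed.
        flows[(m["proto"], int(m["sport"]), int(m["dport"]))] += int(m["count"])
    return flows


if __name__ == "__main__":
    # Hosts from sequence 310 in the question.
    hits = summarize(SAMPLE_LOG, "101", "10.214.1.2", "10.251.1.3")
    for (proto, sport, dport), pkts in hits.most_common():
        print(f"{proto} {sport} -> {dport}: {pkts} packets")
```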

mlund Fri, 11/06/2009 - 04:40

Hi

Maybe you can try to create a new access-list with only one line.

Then use this specific list with debug.

access-list 111 permit udp host 10.214.1.2 host 10.251.1.3

debug ip packet 111

/Mikael
