Packet size using ACL

Unanswered Question
Jul 21st, 2010
User Badges:


Is there a way to catch packet size of a packet coming into an interface using an ACL. I don't need the exact packet size etc,  but packet above a certain MTU size may be blocked etc. so that i can see the counter increment.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tharak Abraham Wed, 07/21/2010 - 06:09
User Badges:
  • Bronze, 100 points or more


Dont think there is an option with ACL for packet length matching.

But you may match Values in IP Packet using ACL's

You may use route-maps to accomplish the same.

R1(config)#route-map new permit 10

R1(config-route-map)#match length 100 100 (matches 100 byte packets)
min and max length can be given which may suit your requirement.
Hope to help,

victor_87 Wed, 07/21/2010 - 06:16
User Badges:

Does a route map work for Multicast traffic? thats what i need.


Tharak Abraham Wed, 07/21/2010 - 06:36
User Badges:
  • Bronze, 100 points or more


You may match the destination group using ACL and tie the ACL and the length of the packet under the route-map with logical "and".

That should do the job !

vigneshjogyala Wed, 07/21/2010 - 22:28
User Badges:

Hmm, that sounds like it but i dont think Route Maps work on Multicast groups. I am not exactly sure but remember reading that somewhere. I can just test this on my production device hence need to try and set this up in my lab and see how it works.

Let me know if you find something meanwhile.



This Discussion