access list permit matching

Unanswered Question
Aug 12th, 2010
User Badges:

on 3560

there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?


Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 08/12/2010 - 05:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

akyuznet45 wrote:


on 3560

there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?


Thank you.


No there is no bug. Permit statements are dealt with in hardware so you do not see any hits on the acl. However deny statements are also dealt with in hardware usually. Do you have the "log" keyword at the end of the deny statements ?


Jon

Muhammed AKYUZ Fri, 08/13/2010 - 07:47
User Badges:

I did not understand your comment Marshall. Which one is on the hardware? permit or deny? we are getting only problem permit layer 4 access list.. we do not have matching problem with permit L3 access lists...


Thank you.

Tharak Abraham Fri, 08/13/2010 - 08:26
User Badges:
  • Bronze, 100 points or more

Aky,


Jon meant to see/view the matched packets by the access-list.

Even i understood your question in that way first..-:)


Seems you cannot see the access list created when doing a sh access-list rite ?

If its visible in the sh run then it seems to be a problem i never encountered.


Try the command sh access-list 1 (with the no)


If nothing works then it sounds buggy..

Actions

This Discussion