Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

About access-list match counter.

Hi to all

I`ve applied below access-list on catalys 6509 switch.

And then I applied

"ip access-group 110 in" to ethernet port.

Acl working is fine. but I`ve not see the any match counter list.

Your help with this would be appreciated.

Regards,

TEST#sh access-lists

ExtendedIP access list 110

10 deny ip any host 1.1.1.1

20 permit ip any any

6 REPLIES
New Member

Re: About access-list match counter.

i think if acl drop happens at hardware level this counter wont be incremented.

Hall of Fame Super Blue

Re: About access-list match counter.

Hi

This is because the acl's are processed in hardware by the PFC so you will not see matches on the acl.

Attached is a link to ACL processing on the 6500 which explains it in a whole more detail.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801609f6.html#wp1033602

HTH

Jon

New Member

Re: About access-list match counter.

Thanks for your comment.

And then

How do I see the acl match counters

on this swithc?

Re: About access-list match counter.

Dong, in the same link Jon provided see topic under "Optimized ACL Logging with a PFC3" for a way to accomplish acls hits logs, but unfortunately it seems this feature is supported on platforms with PFC3 plus other restrictions..

Very good link Jon have provided.

Jorge

New Member

Re: About access-list match counter.

Thank you every one!

I`m gonna set a test.

Thanks again.

New Member

Re: About access-list match counter.

Dear,

Is there no way to see the match counter list?

I have to check the match counter list..

Somebody help me!

493
Views
9
Helpful
6
Replies