access list permit matching

Muhammed AKYUZ · ‎08-12-2010

on 3560

there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?

Thank you.

Jon Marshall · ‎08-12-2010

akyuznet45 wrote:

on 3560

there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?

Thank you.

No there is no bug. Permit statements are dealt with in hardware so you do not see any hits on the acl. However deny statements are also dealt with in hardware usually. Do you have the "log" keyword at the end of the deny statements ?

Jon

Muhammed AKYUZ · ‎08-13-2010

I did not understand your comment Marshall. Which one is on the hardware? permit or deny? we are getting only problem permit layer 4 access list.. we do not have matching problem with permit L3 access lists...

Thank you.

Tharak Abraham · ‎08-13-2010

Aky,

Jon meant to see/view the matched packets by the access-list.

Even i understood your question in that way first..-:)

Seems you cannot see the access list created when doing a sh access-list rite ?

If its visible in the sh run then it seems to be a problem i never encountered.

Try the command sh access-list 1 (with the no)

If nothing works then it sounds buggy..