When I had an issue while troubleshooting, I noticed that ACLs count ICMP messages as double what they are. Is that real behaviour, and why? Or do I have a loop in my network?
My topology was two switches (SW2 & SW4) connected directly to each other using an L3 port-channel. I set up an ACL on SW4 as follows:
access-list 101 permit icmp any any
access-list 101 permit ip any any
access-group 101 in
ip add 184.108.40.206 255.255.255.0
ip add 220.127.116.11 255.255.255.0
Then I issued ping 18.104.22.168 repe 1 from SW2, and when I ran show ip access-list, I found 2 matches in the show access-list command. Is that normal? Or was it a loop? Or does it count both incoming and outgoing packets, although it is applied only once and in one direction?
To make sure it doesn't count both incoming and outgoing packets, I changed the first sequence of the ACL to: access-list 101 permit icmp host 22.214.171.124 any, and it still counts double.
I also noticed that after I specified the source of ICMP in the ACL, the switch started to show a logging event that says: "administratively prohibited unreachable message sent to 126.96.36.199", even if there are no pings. What is that message for? I tried to search but have not yet found anything about it.