Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
994
Views
0
Helpful
1
Replies

'show policy-map int' not showing any packets.

jkeeffe
Level 2
Level 2

‎01-30-2008 07:25 AM - edited ‎03-05-2019 08:49 PM

I'm trying to get a sense for how much traffic on particular ports between two IP addresses is going through an interface on a 6509 L3 switch running IOS 12.2(18)SXE3.

I've set up some class maps to match on ACLs and apply the service policy both inbound and outbound on the interface that feeds the switch one of the hosts is on. 'Show policy-map int' shows 0 in all the class counters (except class-default), yet 'sh ip route cache | include 164.72.184.33 shows a flow going on.

Here is the appropriate config statements and some output. N

class-map match-any iVault_traffic

match access-group 164

class-map match-any CHS-Dicom

match access-group 161

class-map match-any CHS_iSyntax

match access-group 160

class-map match-any all_Dicom

match access-group 163

class-map match-any all_iSyntax

match access-group 162

!

!

policy-map iVault_image_traffic

class CHS-Dicom

class CHS_iSyntax

class all_Dicom

class all_iSyntax

class iVault_traffic

access-list 160 permit tcp host 164.72.37.9 host 164.72.184.33 eq 6464

access-list 160 permit tcp host 164.72.184.33 eq 6464 host 164.72.37.9

access-list 160 permit tcp host 164.72.184.33 host 164.72.37.9 eq 6464

access-list 160 permit tcp host 164.72.37.9 eq 6464 host 164.72.184.33

access-list 161 permit tcp host 164.72.37.9 host 164.72.184.33 eq 104

access-list 161 permit tcp host 164.72.184.33 eq 104 host 164.72.37.9

access-list 161 permit tcp host 164.72.184.33 host 164.72.37.9 eq 104

access-list 161 permit tcp host 164.72.37.9 eq 104 host 164.72.184.33

access-list 162 permit tcp any host 164.72.184.33 eq 6464

access-list 162 permit tcp host 164.72.184.33 eq 6464 any

access-list 162 permit tcp host 164.72.184.33 any eq 6464

access-list 162 permit tcp any eq 6464 host 164.72.184.33

access-list 163 permit tcp any host 164.72.184.33 eq 104

access-list 163 permit tcp host 164.72.184.33 eq 104 any

access-list 163 permit tcp host 164.72.184.33 any eq 104

access-list 163 permit tcp any eq 104 host 164.72.184.33

access-list 164 permit ip any host 164.72.184.33

access-list 164 permit ip host 164.72.184.33 any

I notice that the ip cache flow doesn't give a source interface but falls under the heading of PFC:

The interface G6/1 is running GLBP between another 6509 and both 6509 G6/1 interfaces are connected to the switch that 164.72.184.33 is on.

Why do you think the policy map is not recognizing the packets? I think the ACLs are OK.

I've attached a file that shows the output of

'show policy-map int'

'sh ip cache flow | include 164.72.184.33'

'sh run int g6/1'

Labels:
0 Helpful
1 Reply 1

jkeeffe
Level 2
Level 2

‎01-30-2008 07:28 AM

Here is the text file.

Preview file
4 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card