Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3750 registering ACL hits?

It seems that the ACL's on my 3750 do not register the number of matches, except on some of the "permit ip any any" lines. I have lines such as "permit host 10.1.13.37 host 10.1.13.38" that I KNOW work fine (the two boxes communicate regularly), but the hits on the ACL don't register. Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 3750 registering ACL hits?

Hi,

ACLs work at layer 3. Only the traffic that has to be routed through the 3750 would be matched against the ACL. These two hosts, .37 & .38, are on the same subnet, correct? Hence, the traffic is switched rather than routed and the ACL isn't used in this case.

Hope this helps!

Regards,

Sundar

3 REPLIES

Re: 3750 registering ACL hits?

Hi,

ACLs work at layer 3. Only the traffic that has to be routed through the 3750 would be matched against the ACL. These two hosts, .37 & .38, are on the same subnet, correct? Hence, the traffic is switched rather than routed and the ACL isn't used in this case.

Hope this helps!

Regards,

Sundar

Re: 3750 registering ACL hits?

i had opened a tac case for similar symptoms on a 4506 and they replied with the following.

Answering your question, it depends on which OS you're running on the other switch. In this case you're running IOS and the switch process the ACLs on the TCAM (Hardware) and that's why you don't see the hits. In CatOS, there's no TCAM but the ACLs can be processed in both Hardware and Software.

But if you're running IOS too, and you see the hits for the ACLs, this could mean that the Tcam is full and the ACLs start to be processed in Software, not in Hardware.

regards

Narayan

Silver

Re: 3750 registering ACL hits?

So therefore I would assume the same would apply if you enable the 'log' keyword at the end of acl?

Ajaz

402
Views
0
Helpful
3
Replies
CreatePlease to create content