Cisco Support Community
New Member

ACL & Debug Counters not recording all traffic?

Running various types of traffic through switches (3550 & 6509) inc PING and Application traffic. Data is transferring but the Hit counter on the relevant ACL is not incrementing? We have ensured no alternative route is available so data must be passing through the ACL. Debug also appears not to record every packet. Is there a feature that needs activating (i.e. is the default to ignore some data/protocols?) thx

4 REPLIES
New Member

Re: ACL & Debug Counters not recording all traffic?

Hai,

Yes it will show, because route cache is enabled, so it will examine only the first packet.

Before debugging give the command no route-cache in interface config mode.

Then you can see it will be capturing all packets.

Route caching is enabled by default in L3 switches

Hope this information is useful, if so don't forget to rate this :)

Regards

New Member

Re: ACL & Debug Counters not recording all traffic?

I will give this a go but suspect that this is not the problem here as we appear to be getting NO incrementing in the HIT counter despite traffic passing through the ACL (i.e. not even registering the first frame)? Traffic is definitely passing and there is no other route. I will investigate further and come back with more detail but any ideas would be helpful. Thx

Re: ACL & Debug Counters not recording all traffic?

viswanathan123, I don't agree with your post on the conversation.

"Yes it will show, because route cache is enabled, so it will examine only the first packet"...

Although route caching is enabled on the L3 switches, when you have an ACL applied to the VLAN interface or the switch ports, the traffic is still tested against the ACL, even the traffic which is switched between the ports in the same VLAN.

Check the following, this is from the 3550 config guide: "Switches traditionally operate at Layer 2 only, switching traffic within a VLAN, whereas routers route traffic between VLANs. The Catalyst 3550 switch can accelerate packet routing between VLANs by using Layer 3 switching. The switch bridges the packet, the packet is then routed internally without going to an external router, and then the packet is bridged again to send it to its destination. During this process, the switch can access-control all packets it switches, including packets bridged within a VLAN."

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/swacl.htm#wp1140852

HTH,

-amit singh

New Member

Re: ACL & Debug Counters not recording all traffic?

That doesn't really explain why the ACL hit counter is not incrementing?
