We have policy-based routing configured on a 6500. The policy map references an IP extended access list to see if packets are to be policy-based routed.
We know the policy-based routing is working, as the packets are arriving at the correct destination. However, if I issue a show ip access command, the number of matches against the referenced access list is very low.
Is there any known IOS bug where the IOS does not correctly record the number of matches, or could it be to do with some CEF process?
Your assumption is right: the counter is only increased if the CPU has to deal with the IP packet. If CEF is used, the counter will not be increased, because the packet is not handled by the CPU but forwarded through the use of the FIB and adjacency table. In principle you can then only see the "new" headers, and thus the number of packets will be low, as most packets are part of a larger session.
Ans: It depends on which OS you're running on the other switch. In this case you're running IOS and the switch processes the ACLs on the TCAM (hardware), and that's why you don't see the hits. In CatOS, there's no TCAM, but the ACLs can be processed in both hardware and software.
But if you're running IOS too, and you see the hits for the ACLs, this could mean that the TCAM is full and the ACLs start to be processed in software, not in hardware.