Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
0
Helpful
1
Replies

No ACL matches on deny statement.

AdamInChains
Level 1
Level 1

‎10-04-2010 04:32 PM - edited ‎03-04-2019 09:59 AM

I'm using a 3845 with an internet facing ACL.

I have all my permit statements in the ACL which are working correctly and I can see matches on them when I do a "show access-lists".

However, the last line of my ACL is  "deny   ip any any log" but no matches are shown even though it appears to be working.  Any idea why my match count is not going up?  I am not getting the denys when I do "show logging" also, but i'm assuming this is because the deny line is not getting hits.

Thanks for your time,

Adam

Labels:
0 Helpful
1 Reply 1

Mahesh Gohil
Level 7
Level 7

‎10-04-2010 09:42 PM

Hi Adam,

Can you confirm whether below feature configured in your router

Feature: OAL (Optimized access-list)

command: mls rate-limit unicast ip icmp unreachable acl-drop 0

This will prevent counters generated in deny statement because packets will be processed in hardware

if so please issue below global command

"no mls rate-limit unicast ip icmp unreachable acl-drop 0" and see progress of counters in deny statement.

Please let me know if this is useful to you.

Regards

Mahesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card