Cisco Support Community
No ACL matches on deny statement.

I'm using a 3845 with an internet facing ACL.

I have all my permit statements in the ACL which are working correctly and I can see matches on them when I do a "show access-lists".

However, the last line of my ACL is "deny   ip any any log" but no matches are shown even though it appears to be working. Any idea why my match count is not going up? I am also not getting the denies when I do "show logging", but I'm assuming this is because the deny line is not getting hits.

Thanks for your time,

Adam

1 REPLY

Re: No ACL matches on deny statement.

Hi Adam,

Can you confirm whether the feature below is configured on your router?

Feature: OAL (Optimized access-list)

Command: mls rate-limit unicast ip icmp unreachable acl-drop 0

This will prevent counters from being generated on the deny statement because packets will be processed in hardware.

If so, please issue the global command below

"no mls rate-limit unicast ip icmp unreachable acl-drop 0" and see the progress of the counters on the deny statement.

Please let me know if this is useful to you.

Regards

Mahesh
