已解决: N9K 看不到access list 的matches统计量，而9300就行

nexusNXOS57758 · ‎03-22-2021

帮忙分析一下原因9300的
140 permit ip host 10.67.130.107 any (35482 matches)
160 deny tcp any any eq msrpc (1023177 matches)
170 deny tcp any any eq 137
180 deny tcp any any eq 138
190 deny tcp any any eq 139 (1255809 matches)
200 deny tcp any any eq 445 (1645564749 matches)
210 deny udp any any eq 135
220 deny udp any any eq netbios-ns (111397081 matches)
230 deny udp any any eq netbios-dgm (21 matches)
240 deny udp any any eq netbios-ss
N9K的
50 deny tcp any any eq 137
60 deny tcp any any eq 139
70 deny tcp any any eq 445
80 deny udp any any eq 135
90 deny udp any any eq netbios-ns
100 deny udp any any eq netbios-dgm
110 deny udp any any eq netbios-ss
120 deny udp any any eq 445
130 permit ip any any

Rps-Cheers · ‎03-22-2021

你好，
可以在N9K的ACL下，配置“statistics per-entry”命令试试。

switch# sho access-lists cisco
IP access list cisco
        statistics per-entry
        10 permit icmp any any
        20 permit ip any any

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

在原帖中查看解决方案

Rps-Cheers · ‎03-22-2021

你好，
可以在N9K的ACL下，配置“statistics per-entry”命令试试。

switch# sho access-lists cisco
IP access list cisco
        statistics per-entry
        10 permit icmp any any
        20 permit ip any any

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !