Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
211
Views
0
Helpful
1
Replies

Access list question

daniel.bowen
Level 1
Level 1

‎09-24-2002 05:39 AM - edited ‎03-02-2019 01:35 AM

Does anybody know why the port numbers would be returned blank in a show access-list display?

eg

Sep 24 14:35:58.351 bst: %SEC-6-IPACCESSLOGP: list 123 permitted tcp 166.71.21.43(0) -> 80.32.177.185(0), 1 packet

shouldn't the port number be shown?

cheers,

Daniel,

Labels:
0 Helpful
1 Reply 1

steve.barlow
Level 7
Level 7

‎09-24-2002 07:18 AM

Does your access-list have "permit ip .... " or does it have "permit tcp ... "?

With '(0)' the ports are generated when the router didn't know the port numbers rather than them actually being 0. If your access-list doesn't

filter on higher level ports the router doesn't bother parsing the TCP/UDP headers so it can't log the port numbers and just fills in with zeros to keep the format consistent.

eg. The access-list:

access-list 123 permit ip any any log

generates log messages like this:

%SEC-6-IPACCESSLOGP: list 123 permitted tcp 10.0.1.1(0) -> 10.0.1.228(0), 5 packets

with zero ports, whereas the access-list:

access-list 123 permit udp any any range 0 65535 log

access-list 123 permit tcp any any range 0 65535 log

generates log message like this:

%SEC-6-IPACCESSLOGP: list 123 permitted tcp 10.0.1.1(2862) -> 10.0.1.228(25), 5 packets

with non-zero ports.

Steve

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card