Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
0
Helpful
1
Replies

ACL hit counts on 6509 not showing...

RoyalEF
Level 1
Level 1

‎04-01-2005 10:06 AM - edited ‎03-02-2019 10:20 PM

Our syslog servers are in a subnet attached only to our core router... no other path to them. They are collecting syslog messages (udp 514) from all over our network. We log over a gig per day.

The syslog VLAN has an ACL applied out.

The lines permitting any host to hit the syslog server for udp eq syslog shows no hits at all.

Are there conditions that would preclude hits from registering? I can't find any other ACL lines prior to these entires that would permit these specific packets through and there is a "deny ip any any" at the end of the list. Other ACls in the list shows up to millions of hits, so I know they are functioning and in use.

I don't understand why they aren't showing up in the hit counts?!

Labels:
0 Helpful
1 Reply 1

gskhanna
Level 1
Level 1

‎04-06-2005 07:25 AM

The 6500 does acl blocking in programmable hardware asic modules. The hitcount does not show up properly or acurately.

It only shows like 100th of what the real hits are.

'When you enter the show ip access-list command, the match count displayed does not include packets processed in hardware. '

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801609f6.html

0 Helpful
Customers Also Viewed These Support Documents