cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
717
Views
0
Helpful
3
Replies

3750 registering ACL hits?

lhoyle
Level 1
Level 1

It seems that the ACL's on my 3750 do not register the number of matches, except on some of the "permit ip any any" lines. I have lines such as "permit host 10.1.13.37 host 10.1.13.38" that I KNOW work fine (the two boxes communicate regularly), but the hits on the ACL don't register. Any ideas?

1 Accepted Solution

Accepted Solutions

Hi,

ACLs work at layer 3. Only the traffic that has to be routed through the 3750 would be matched against the ACL. These two hosts, .37 & .38, are on the same subnet, correct? Hence, the traffic is switched rather than routed and the ACL isn't used in this case.

Hope this helps!

Regards,

Sundar

View solution in original post

3 Replies 3

Hi,

ACLs work at layer 3. Only the traffic that has to be routed through the 3750 would be matched against the ACL. These two hosts, .37 & .38, are on the same subnet, correct? Hence, the traffic is switched rather than routed and the ACL isn't used in this case.

Hope this helps!

Regards,

Sundar

royalblues
Level 10
Level 10

i had opened a tac case for similar symptoms on a 4506 and they replied with the following.

Answering your question, it depends on which OS you're running on the other switch. In this case you're running IOS and the switch process the ACLs on the TCAM (Hardware) and that's why you don't see the hits. In CatOS, there's no TCAM but the ACLs can be processed in both Hardware and Software.

But if you're running IOS too, and you see the hits for the ACLs, this could mean that the Tcam is full and the ACLs start to be processed in Software, not in Hardware.

regards

Narayan

So therefore I would assume the same would apply if you enable the 'log' keyword at the end of acl?

Ajaz

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: