01-27-2016 09:00 AM - edited 03-05-2019 03:13 AM
I am providing internet access to other offices for my company. My core switch is a 6509 where all the other branches connect. I use police statements to control up\down speed for these other branches. Each branch has a police statement of its own and an ACL for both down and up. Then all these are rolled up into one download and one upload policy. Those two policies are then applied to the native vlan interface. Now I get matches for all the other branches. But this ONE will not show any matches. If I do a speed test from that office it appears to be working. But I can't be positive.
Each one of these routed connections comes in on a routed connection. I don't know what else I can look at. I'm really at a loss for why I don't see any matches for the up\down ACLs for this one connection.
01-27-2016 11:16 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I think the 6500 "hides" ACL hits for ACLs matched in hardware.
01-27-2016 11:17 AM
Yes, I get that. But why would only 1 out of 20 be done in hardware?
01-27-2016 12:46 PM
I presumed your branches used something like an ISR - your branches also use 6500s?
01-27-2016 12:48 PM
Some use 2800 routers. Some use 3750 switches.
01-28-2016 04:52 AM
So the only 6500 is your core device? If so, that's also the only one not logging ACL hits?
01-28-2016 06:25 AM
Yes. The 6500 is the only core device and this is the only one with no matches.
01-28-2016 09:05 AM
Well then, that sort of points to the 6500 being "different" from your other spoke devices, and so it having different stat recording might be accounted for by that.