Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
7
Replies

ACL No Matches

cyoung1981
Level 1
Level 1

‎01-27-2016 09:00 AM - edited ‎03-05-2019 03:13 AM

I am providing internet to access to other offices for my company. My core switch is a 6509 where all the other branches connect. I use police statements to control up\down speed for these other branches. Each branch has a police statement of its own and an ACL for both down and up. Then all these are rolled up into one download and one upload policy. Those two policies are then applied to the native vlan interface. Now I get matches for all the other branches. But this ONE will not show any matches. If I do a speed test from that office it appears to be working. But I can't be positive. 

Each one of these routed connections comes in on a routed connection. I don't know what else I can look at. I'm really at a loss for why I don't see any matches for the up\down ACLs for this one connection.

Labels:
0 Helpful
7 Replies 7

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-27-2016 11:16 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I think the 6500 "hides" ACL hits for ACLs matched in hardware.

0 Helpful

cyoung1981
Level 1
Level 1
In response to Joseph W. Doherty

‎01-27-2016 11:17 AM

Yes, I get that. But why would only 1 out of 20 be done in hardware?

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to cyoung1981

‎01-27-2016 12:46 PM

I presumed your branches used something like an ISR - your branches also use 6500s?

0 Helpful

cyoung1981
Level 1
Level 1
In response to Joseph W. Doherty

‎01-27-2016 12:48 PM

SOme use 2800 routers. Some use 3750 switches.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to cyoung1981

‎01-28-2016 04:52 AM

So the only 6500 is your core device?  If so, that's also the only one not logging ACL hits?

0 Helpful

cyoung1981
Level 1
Level 1
In response to Joseph W. Doherty

‎01-28-2016 06:25 AM

Yes. The 6500 is the only core device and this is the only one with no matches.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to cyoung1981

‎01-28-2016 09:05 AM

Well then, that sort of points to the 6500 is "different" from your other spoke devices and so it having different stat recording might be accounted by that.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card