cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3609
Views
0
Helpful
1
Replies

ASR vs. ISR access list output

mbroberson1
Participant
Participant

Is there a difference (in commands for viewing) with how an ASR router shows the hits on an ACL compred to an ISR such as 3725 or other ISR model?

Have a senario where an ASR is not showing the hits on an ACL, but when labbed up using an ISR model is shows hits on the ACL.

Using the commands "sh ip access-list xxx" and "sh access-list" on both the ASR and ISR to look for hits. The ISR shows hits, but not the ASR.

Regards

1 Reply 1

Mani Ganesan
Enthusiast
Enthusiast

The reason is ASR router is a hardware switching based platform compared to other routers

like 7200,7300, 3800 etc..which are software switching based platforms.

For hardware switched packets, ACL counters will not report any value. If we need to see the matches or

the actual packet details, you may want to put in a 'log' keyword and force the packets to hit the CPU.

we have to be careful if we have huge subnets permitted or denied in the ACL.

HTH,

Mani

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers