matched counters for access-lists

getaway51 · ‎10-03-2018

Hi,

1)Does this means that those access list that has no traffic matches won't display number of "(xx matches)?

2)How to check traffic from certain source/destination falls under which access-lists?

Standard IP access list 4
10 permit 10.2.3.24
20 permit 10.2.4.86
30 permit 10.2.4.85
40 permit 10.2.4.79
50 permit 100.50.1.0, wildcard bits 0.0.0.255 (1708 matches)
Standard IP access list op
10 permit 3.9.4.12, wildcard bits 0.0.0.7 (49240 matches)
Extended IP access list 106
10 permit ip any 210.40.210.0 0.0.0.255 (50 matches)
20 permit ip any 210.100.3.32 0.0.0.7
30 permit ip any host 15.1.46.14 (62 matches)

casanavep · ‎10-04-2018

What are you running the ACL on, hardware type and applied to, i.e. 4331 router used for VTY ACL? Different hardware and applications of ACL result in different match counter consistency.

Cheers,

- Pete

Georg Pauwen · ‎10-04-2018

Hello,

use the 'log-input' keyword at the end of your access list statements.

--> The log-input option enables logging of the ingress interface and source MAC address in addition to the packet's source and destination IP addresses and ports.

getaway51 · ‎10-08-2018

u provide some examples? I dont quite get what u mean.

the objective is to check certain traffic falls under which access-list

NetTech1984 · ‎10-08-2018

you use the log key at the end of your ACL moreover you can add deny any log to your last ACL line than you can check with ter mon command

getaway51 · ‎01-07-2019

if i use term mon, how it tells which access-list traffic is in? how do i view the traffic?