04-01-2022 07:39 AM - edited 04-01-2022 07:40 AM
C9500-48Y4C - ACL counter
Not able to see permitted traffic counters, but able to see deny counters increasing. What's the catch here?
04-04-2022 06:43 PM
Looks like a bug to me, I guess. I am running 16.12.X (old code) and I can see the counters.
04-05-2022 04:57 AM
I think this is a bug; check the link below.
extended ACL with L4 port
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs74735
04-01-2022 08:19 AM
What is the version of code, and can you show us an example of the ACL and the output?
04-04-2022 03:22 PM - edited 04-04-2022 03:24 PM
cisco C9500-48Y4C
Cisco IOS XE Software, Version 17.03.04
Cisco IOS Software [Amsterdam], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.3.4, RELEASE SOFTWARE (fc3)
!
interface Vlan XXXX
description TEST-1
ip address 10.1.191.1 255.255.255.0
ip helper-address 192.168.150.31
ip helper-address 192.168.150.37
ip pim sparse-mode
ip access-group TEST-1 in
end
TEST-COR-SW-01#sh access-lists TEST-1
Extended IP access list TEST-1
10 permit udp any host 192.168.150.31 eq bootps
20 permit udp any host 192.168.150.37 eq bootps
30 permit udp any host 192.168.150.28 eq domain
40 permit tcp any host 192.168.150.28 eq domain
50 permit udp any host 192.168.150.20 eq domain
60 permit tcp any host 192.168.150.20 eq domain
70 permit udp any host 192.168.20.141 eq domain
80 permit tcp any host 192.168.20.141 eq domain
90 permit udp any host 192.168.20.142 eq domain
100 permit tcp any host 192.168.20.142 eq domain
110 permit tcp host 10.1.191.90 host 192.168.30.21 eq smtp
120 permit tcp host 10.1.191.90 host 192.168.30.22 eq smtp
130 permit tcp host 10.1.191.90 host 192.168.30.30 eq smtp
140 permit tcp host 10.1.191.90 host 192.168.30.31 eq smtp
150 permit tcp any any eq 502 log
160 permit udp any any eq 502 log
170 permit udp any any eq 7700 log
180 permit tcp any any eq 7700 log
200 permit ip 10.1.191.48 0.0.0.15 host 192.168.20.247
210 permit ip 10.1.191.64 0.0.0.7 host 192.168.20.247
220 permit ip 10.1.191.72 0.0.0.7 host 192.168.20.247
240 permit ip host 10.1.191.168 host 192.168.20.247
250 permit udp any host 192.168.150.28 eq ntp
260 permit ip any host 192.168.150.28
300 deny ip any 10.0.0.0 0.255.255.255 (9854 matches)
310 deny ip any 157.21.0.0 0.0.255.255
320 deny ip any 192.168.0.0 0.0.255.255 (86 matches)
330 deny ip any 172.16.0.0 0.15.255.255 (65644 matches)
340 permit ip any any (54403 matches)
04-04-2022 08:10 PM
Thanks. I will open a case on this.
04-01-2022 03:15 PM - edited 04-01-2022 03:15 PM
Can you share
show ip access-list
04-04-2022 03:21 PM - edited 04-04-2022 03:24 PM
interface Vlan XXXX
description TEST-1
ip address 10.1.191.1 255.255.255.0
ip helper-address 192.168.150.31
ip helper-address 192.168.150.37
ip pim sparse-mode
ip access-group TEST-1 in
end
!
TEST-COR-SW-01#sh access-lists TEST-1
Extended IP access list TEST-1
10 permit udp any host 192.168.150.31 eq bootps
20 permit udp any host 192.168.150.37 eq bootps
30 permit udp any host 192.168.150.28 eq domain
40 permit tcp any host 192.168.150.28 eq domain
50 permit udp any host 192.168.150.20 eq domain
60 permit tcp any host 192.168.150.20 eq domain
70 permit udp any host 192.168.20.141 eq domain
80 permit tcp any host 192.168.20.141 eq domain
90 permit udp any host 192.168.20.142 eq domain
100 permit tcp any host 192.168.20.142 eq domain
110 permit tcp host 10.1.191.90 host 192.168.30.21 eq smtp
120 permit tcp host 10.1.191.90 host 192.168.30.22 eq smtp
130 permit tcp host 10.1.191.90 host 192.168.30.30 eq smtp
140 permit tcp host 10.1.191.90 host 192.168.30.31 eq smtp
150 permit tcp any any eq 502 log
160 permit udp any any eq 502 log
170 permit udp any any eq 7700 log
180 permit tcp any any eq 7700 log
200 permit ip 10.1.191.48 0.0.0.15 host 192.168.20.247
210 permit ip 10.1.191.64 0.0.0.7 host 192.168.20.247
220 permit ip 10.1.191.72 0.0.0.7 host 192.168.20.247
240 permit ip host 10.1.191.168 host 192.168.20.247
250 permit udp any host 192.168.150.28 eq ntp
260 permit ip any host 192.168.150.28
300 deny ip any 10.0.0.0 0.255.255.255 (9854 matches)
310 deny ip any 157.21.0.0 0.0.255.255
320 deny ip any 192.168.0.0 0.0.255.255 (86 matches)
330 deny ip any 172.16.0.0 0.15.255.255 (65644 matches)
340 permit ip any any (54403 matches)