Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
576
Views
15
Helpful
8
Replies

2960G strange behaviour

salemmahara
Level 3
Level 3

‎08-19-2018 01:14 AM - edited ‎03-08-2019 03:56 PM

Hello all

We have one 2960G. We applied an inbound ACL on a port of that :

deny udp any any eq 53

permit ip any any

 

it's working fine. But there isn't any match hint for Deny ACE, Permit ACE has however!

 

Sho ip access-list

 

deny ........

permit .....(456454 matches)

It's working but without match hint for first line!

Labels:
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎08-19-2018 02:05 AM

deny udp any any eq wq ( what is wq ?)

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

salemmahara
Level 3
Level 3
In response to balaji.bandi

‎08-19-2018 08:35 PM

lo Balaji

That was an example.

We're blocking udp 53

0 Helpful

Julio E. Moisa
VIP
VIP

‎08-19-2018 06:04 AM

Hi

What are you denying?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

salemmahara
Level 3
Level 3
In response to Julio E. Moisa

‎08-19-2018 08:36 PM

udp 53

first post is edited

0 Helpful

paul driver
VIP
VIP

‎08-20-2018 01:18 AM - edited ‎08-20-2018 01:19 AM

Hello

And you can confirm UDP 53 is in fact being denied?


show ip accounting access-violations ( if enabled), Also amend the ace of the acl to incorporate log or log-input


access-list 100 deny udp any any eq 53 log-input


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

salemmahara
Level 3
Level 3
In response to paul driver

‎08-20-2018 07:17 AM

Hello Paul

Yes I'm sure because when we apply acl, dns queries won't work. but when we remove acl from interface it works.

accounting violation is not enabled on interface.

0 Helpful

sivam siva
Level 3
Level 3
In response to salemmahara

‎08-20-2018 09:15 AM

Hi

When we configure access-list isn't mean that device filter the packets,its just for identify,

packets are filtered when we apply that ACL under interface.

0 Helpful

salemmahara
Level 3
Level 3
In response to sivam siva

‎08-26-2018 08:24 PM

Hi Sivam

You're right. But in this case, ACL is already applied to the interface.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card