Hello all,
we are querying UDP servers 8.8.8.8 and 8.8.4.4 from inside IP address 10.60.208.116 and it works; however, hits on the ACLs do not increment.
When I add the "log" keyword at the end of the access rules, the hit counts start to increment.

interface Vlan208
 ip access-group DR-ACL in
 ip access-group DR-ACL out

Extended IP access list DR-ACL
    10 permit ip 10.60.0.0 0.0.255.255 10.60.0.0 0.0.255.255 (562353 matches)
    22 permit udp host 8.8.8.8 eq domain host 10.60.208.116
    23 permit udp host 8.8.4.4 eq domain host 10.60.208.116
    50 permit udp host 10.60.208.116 host 8.8.8.8 eq domain
    60 permit udp host 10.60.208.116 host 8.8.4.4 eq domain
    999 deny ip any any (681909 matches)

With the "log" keyword:

Extended IP access list DR-ACL
    10 permit ip 10.60.0.0 0.0.255.255 10.60.0.0 0.0.255.255 (562353 matches)
    22 permit udp host 8.8.8.8 eq domain host 10.60.208.116 log (70 matches)
    23 permit udp host 8.8.4.4 eq domain host 10.60.208.116 log (15 matches)
    50 permit udp host 10.60.208.116 host 8.8.8.8 eq domain log (65 matches)
    60 permit udp host 10.60.208.116 host 8.8.4.4 eq domain log (5 matches)
    999 deny ip any any (681909 matches)

Any explanation for this behavior?
Thank you
Richard