08-12-2010 05:49 AM - edited 03-06-2019 12:27 PM
on 3560
there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?
Thank you.
08-12-2010 05:55 AM
akyuznet45 wrote:
on 3560
there is access list and on access list there are permit statements. when i check with show access-list i do not see any matches.. But if i make it deny there are matches... Is there any bug?
Thank you.
No there is no bug. Permit statements are dealt with in hardware so you do not see any hits on the acl. However deny statements are also dealt with in hardware usually. Do you have the "log" keyword at the end of the deny statements ?
Jon
08-13-2010 07:47 AM
I did not understand your comment Marshall. Which one is on the hardware? permit or deny? we are getting only problem permit layer 4 access list.. we do not have matching problem with permit L3 access lists...
Thank you.
08-13-2010 08:26 AM
Aky,
Jon meant to see/view the matched packets by the access-list.
Even i understood your question in that way first..-:)
Seems you cannot see the access list created when doing a sh access-list rite ?
If its visible in the sh run then it seems to be a problem i never encountered.
Try the command sh access-list 1 (with the no)
If nothing works then it sounds buggy..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide