Identify Packets to CPU

cer43tcent · ‎11-01-2016

Hello all. Is it possible to run a debug or create and ACL to see which packets are going to the CPU as opposed to being handled by hardware? On the switch itself I only have two ACLs one for vty access and the other for snmp access. Moreover, I'll "clear access-list counters" then run the command "show access-list hardware counters" and get output like below

switch_rm12#sh access-list hardware counters
L3 ACL INPUT Statistics
     All Drop:                     frame count: 3
     All Bridge Only:              frame count: 0
     All Forwarding To CPU:        frame count: 336
     All Forwarded:                frame count: 5464
     All Drop And Log:             frame count: 0
     All Bridge Only And Log:      frame count: 0
     All Forwarded And Log:        frame count: 0
     All IPv6 Drop:                frame count: 0
     All IPv6 Bridge Only:         frame count: 0
     All IPv6 Forwarding To CPU:   frame count: 0
     All IPv6 Forwarded:           frame count: 66
     All IPv6 Drop And Log:        frame count: 0
     All IPv6 Bridge Only And Log: frame count: 0
     All IPv6 Forwarded And Log:   frame count: 0

InayathUlla Sharieff · ‎11-01-2016

What switch is this?

cer43tcent · ‎11-02-2016

Its a layer 2, access switch. Oh, I forgot to mention I don't have "log" configured after the ACL lines.

Identify Packets to CPU

[UCS C] C225M6/C245M6 CPU、ヒートシンクの交換手順

Vendor Class Identifier DHCP Option 43, Option 60 and option 241

Identifying the Root CA Chain in Cisco SD-WAN Deployments

Identify PSIRT impacted devices through Catalyst Center

Avoid CPU-intensive packet manipulation