Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
2
Replies

Port Based ACL Counters

BigDawgFelton
Level 1
Level 1

‎10-17-2012 04:08 PM - edited ‎03-07-2019 09:32 AM

Hello again,

This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.

I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day.

Does anyone know what the normal behavior is for this switch and does it support logging on an ACL entry as well?

Thanks, Elton

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
2 Replies 2

acampbell
VIP Alumni
VIP Alumni

‎10-17-2012 05:07 PM

Elton

ACL logging is not supported on the 2970 running 12.2

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 26-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging

http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.2_18_se/configuration/guide/swacl.html

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.
0 Helpful

BigDawgFelton
Level 1
Level 1

‎10-17-2012 05:40 PM

Thanks for the quick response. As far as the logging is that just entries that are in the log file or does that also include match counts on an entry?

Why would I only have 2 matches if it is clearly doing its job?

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card