01-30-2008 07:25 AM - edited 03-05-2019 08:49 PM
I'm trying to get a sense for how much traffic on particular ports between two IP addresses is going through an interface on a 6509 L3 switch running IOS 12.2(18)SXE3.
I've set up some class maps to match on ACLs and applied the service policy both inbound and outbound on the interface that feeds the switch one of the hosts is on. 'Show policy-map int' shows 0 in all the class counters (except class-default), yet 'sh ip route cache | include 164.72.184.33' shows a flow going on.
Here are the appropriate config statements and some output.
class-map match-any iVault_traffic
 match access-group 164
class-map match-any CHS-Dicom
 match access-group 161
class-map match-any CHS_iSyntax
 match access-group 160
class-map match-any all_Dicom
 match access-group 163
class-map match-any all_iSyntax
 match access-group 162
!
!
policy-map iVault_image_traffic
 class CHS-Dicom
 class CHS_iSyntax
 class all_Dicom
 class all_iSyntax
 class iVault_traffic
access-list 160 permit tcp host 164.72.37.9 host 164.72.184.33 eq 6464
access-list 160 permit tcp host 164.72.184.33 eq 6464 host 164.72.37.9
access-list 160 permit tcp host 164.72.184.33 host 164.72.37.9 eq 6464
access-list 160 permit tcp host 164.72.37.9 eq 6464 host 164.72.184.33
access-list 161 permit tcp host 164.72.37.9 host 164.72.184.33 eq 104
access-list 161 permit tcp host 164.72.184.33 eq 104 host 164.72.37.9
access-list 161 permit tcp host 164.72.184.33 host 164.72.37.9 eq 104
access-list 161 permit tcp host 164.72.37.9 eq 104 host 164.72.184.33
access-list 162 permit tcp any host 164.72.184.33 eq 6464
access-list 162 permit tcp host 164.72.184.33 eq 6464 any
access-list 162 permit tcp host 164.72.184.33 any eq 6464
access-list 162 permit tcp any eq 6464 host 164.72.184.33
access-list 163 permit tcp any host 164.72.184.33 eq 104
access-list 163 permit tcp host 164.72.184.33 eq 104 any
access-list 163 permit tcp host 164.72.184.33 any eq 104
access-list 163 permit tcp any eq 104 host 164.72.184.33
access-list 164 permit ip any host 164.72.184.33
access-list 164 permit ip host 164.72.184.33 any
I notice that the ip cache flow doesn't give a source interface but falls under the heading of PFC:
The interface G6/1 is running GLBP between another 6509, and both 6509 G6/1 interfaces are connected to the switch that 164.72.184.33 is on.
Why do you think the policy map is not recognizing the packets? I think the ACLs are OK.
I've attached a file that shows the output of
'show policy-map int'
'sh ip cache flow | include 164.72.184.33'
'sh run int g6/1'
01-30-2008 07:28 AM