No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

ACL matching counters not working in display acl

Publication Date:  2018-01-31  |   Views:  2331  |   Downloads:  0  |   Author:  s84075117  |   Document ID:  EKB1001272287

Contents

Issue Description

The customer set up an ACL on a vlanif via traffic-filter. The ACL is working and packets are matched, this is confirmed by the logs, but the display acl counters are not increased.

<SwCore759>display log | i 3007
Logging buffer configuration and contents : enabled
Allowed max buffer size : 1024
Actual buffer size : 512
Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 3500
Current messages : 512

Sep 21 2017 17:15:44+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[0]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(48312) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:27+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[6]:Slot=2;Acl 3007 deny GigabitEthernet2/0/32 00e0-4b5b-dfc1 -> ffff-ffff-ffff udp 10.116.78.73(55066) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:24+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[8]:Slot=2;Acl 3007 deny GigabitEthernet2/0/29 00e0-4b5b-d6b2 -> ffff-ffff-ffff udp 10.116.78.75(55048) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:22+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[9]:Slot=2;Acl 3007 deny GigabitEthernet2/0/31 00e0-4b5b-e059 -> ffff-ffff-ffff udp 10.116.78.72(34856) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:15:13+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[11]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(58832) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:57+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[31]:Slot=2;Acl 3007 deny GigabitEthernet2/0/32 00e0-4b5b-dfc1 -> ffff-ffff-ffff udp 10.116.78.73(57574) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:54+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[32]:Slot=2;Acl 3007 deny GigabitEthernet2/0/29 00e0-4b5b-d6b2 -> ffff-ffff-ffff udp 10.116.78.75(59760) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:52+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[33]:Slot=2;Acl 3007 deny GigabitEthernet2/0/31 00e0-4b5b-e059 -> ffff-ffff-ffff udp 10.116.78.72(34466) -> 255.255.255.255(2153) (1 packet).
Sep 21 2017 17:14:44+02:00 SwCore759 %%01ACLE/4/ACLLOG(l)[34]:Slot=2;Acl 3007 deny GigabitEthernet2/0/28 00e0-4b5b-dfb2 -> ffff-ffff-ffff udp 10.116.78.71(43828) -> 255.255.255.255(2153) (1 packet).






Solution

In the output of the display acl command, the matched field indicates the number of packets that are sent to the CPU and match the ACL instead of the number of packets matching the ACL. Therefore, the count displayed in the output of the display acl command is always 0 even many packets that match the ACL pass through the device.