[cisco-nas] Question for access-list

Josh Duffek consultantjd16 at ridemetro.org
Fri Apr 1 14:06:12 EST 2005


So if you make a separate ACL X, not applied to the interface, for packets from your router's ip to Y destination, and run "debug ip pack X", you don't see them?

josh duffek    network engineer
consultantjd16 at ridemetro.org

> -----Original Message-----
> From: cisco-nas-bounces at puck.nether.net [mailto:cisco-nas-
> bounces at puck.nether.net] On Behalf Of Ahmad Cheikh-Moussa
> Sent: Friday, April 01, 2005 1:02 PM
> To: Oliver Boehmer (oboehmer)
> Cc: cisco-nas at puck.nether.net
> Subject: Re: [cisco-nas] Question for access-list
> 
> Hi Oliver,
> 
> thanks for your quick reply.
> Any ideas how to debug such problems ?
> Is there another way to debug packets, which are originated
> from the router ?
> 
> How can I have packet loss on a link, which have
> a really big realibility and average load which is
> betwen 20 and 30 %
> 
> regards,
>  Ahmad
> 
> On Apr 01, 05, Oliver Boehmer (oboehmer) wrote:
> >
> > >
> > > The main question is how a cisco router use the access-list ?
> > > I wannt to debug packets, which are originated by the router
> > > itselves. [...]
> > >
> > > Why I can't see the traffic matches in the access-list, whether
> > > the IP Packets are sent to the collectot, which I can see
> > > via a sniffer.
> >
> > packets originated by the router are not subject to access-list checks
> > on the outgoing/egress interface. This is why you don't "see" them in
> > the access-list counter..
> >
> > Netflow export packets are a special case anyway, those are sent without
> > any output feature treatment in order to send them most efficiently..
> >
> > 	oli
> 
> --
> Ahmad Cheikh-Moussa
> NetUSE AG
> Dr.-Hell-Straße, 24107 Kiel, Germany
> Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
> Service: Service at NetUSE.DE --  http://NetUSE.DE/
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas



More information about the cisco-nas mailing list