[cisco-nas] Question for access-list

Ahmad Cheikh-Moussa acm at netuse.de
Fri Apr 1 14:08:40 EST 2005 

Hi Josh,

I tried this too, but unfortunately it didn't worked.

regards,
 Ahmad 

On Apr 01, 05, Josh Duffek wrote:
> So if you make a separate ACL X, not applied to the interface, for packets from your router's ip to Y destination, and run "debug ip pack X", you don't see them?
> 
> josh duffek    network engineer
> consultantjd16 at ridemetro.org
> 
> > -----Original Message-----
> > From: cisco-nas-bounces at puck.nether.net [mailto:cisco-nas-
> > bounces at puck.nether.net] On Behalf Of Ahmad Cheikh-Moussa
> > Sent: Friday, April 01, 2005 1:02 PM
> > To: Oliver Boehmer (oboehmer)
> > Cc: cisco-nas at puck.nether.net
> > Subject: Re: [cisco-nas] Question for access-list
> > 
> > Hi Oliver,
> > 
> > thanks for your quick reply.
> > Any ideas how to debug such problems ?
> > Is there another way to debug packets, which are originated
> > from the router ?
> > 
> > How can I have packet loss on a link, which have
> > a really big realibility and average load which is
> > betwen 20 and 30 %
> > 
> > regards,
> >  Ahmad
> > 
> > On Apr 01, 05, Oliver Boehmer (oboehmer) wrote:
> > >
> > > >
> > > > The main question is how a cisco router use the access-list ?
> > > > I wannt to debug packets, which are originated by the router
> > > > itselves. [...]
> > > >
> > > > Why I can't see the traffic matches in the access-list, whether
> > > > the IP Packets are sent to the collectot, which I can see
> > > > via a sniffer.
> > >
> > > packets originated by the router are not subject to access-list checks
> > > on the outgoing/egress interface. This is why you don't "see" them in
> > > the access-list counter..
> > >
> > > Netflow export packets are a special case anyway, those are sent without
> > > any output feature treatment in order to send them most efficiently..
> > >
> > > 	oli
> > 
> > --
> > Ahmad Cheikh-Moussa
> > NetUSE AG
> > Dr.-Hell-Straße, 24107 Kiel, Germany
> > Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
> > Service: Service at NetUSE.DE --  http://NetUSE.DE/
> > _______________________________________________
> > cisco-nas mailing list
> > cisco-nas at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nas

-- 
Ahmad Cheikh-Moussa 
NetUSE AG
Dr.-Hell-Straße, 24107 Kiel, Germany
Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
Service: Service at NetUSE.DE --  http://NetUSE.DE/

More information about the cisco-nas mailing list