[cisco-nas] Question for access-list

Tassos Chatzithomaoglou achatz at forthnet.gr
Sat Apr 2 03:43:20 EST 2005


maybe disable route-cache?

Ahmad Cheikh-Moussa wrote on 1/4/2005 10:08 μμ:
> Hi Josh,
> 
> I tried this too, but unfortunately it didn't worked.
> 
> regards,
>  Ahmad 
> 
> On Apr 01, 05, Josh Duffek wrote:
> 
>>So if you make a separate ACL X, not applied to the interface, for packets from your router's ip to Y destination, and run "debug ip pack X", you don't see them?
>>
>>josh duffek    network engineer
>>consultantjd16 at ridemetro.org
>>
>>
>>>-----Original Message-----
>>>From: cisco-nas-bounces at puck.nether.net [mailto:cisco-nas-
>>>bounces at puck.nether.net] On Behalf Of Ahmad Cheikh-Moussa
>>>Sent: Friday, April 01, 2005 1:02 PM
>>>To: Oliver Boehmer (oboehmer)
>>>Cc: cisco-nas at puck.nether.net
>>>Subject: Re: [cisco-nas] Question for access-list
>>>
>>>Hi Oliver,
>>>
>>>thanks for your quick reply.
>>>Any ideas how to debug such problems ?
>>>Is there another way to debug packets, which are originated
>>>from the router ?
>>>
>>>How can I have packet loss on a link, which have
>>>a really big realibility and average load which is
>>>betwen 20 and 30 %
>>>
>>>regards,
>>> Ahmad
>>>
>>>On Apr 01, 05, Oliver Boehmer (oboehmer) wrote:
>>>
>>>>>The main question is how a cisco router use the access-list ?
>>>>>I wannt to debug packets, which are originated by the router
>>>>>itselves. [...]
>>>>>
>>>>>Why I can't see the traffic matches in the access-list, whether
>>>>>the IP Packets are sent to the collectot, which I can see
>>>>>via a sniffer.
>>>>
>>>>packets originated by the router are not subject to access-list checks
>>>>on the outgoing/egress interface. This is why you don't "see" them in
>>>>the access-list counter..
>>>>
>>>>Netflow export packets are a special case anyway, those are sent without
>>>>any output feature treatment in order to send them most efficiently..
>>>>
>>>>	oli
>>>
>>>--
>>>Ahmad Cheikh-Moussa
>>>NetUSE AG
>>>Dr.-Hell-Straße, 24107 Kiel, Germany
>>>Telefon: +49 431 2390 400 --  Telefax: +49 431 2390 499
>>>Service: Service at NetUSE.DE --  http://NetUSE.DE/
>>>_______________________________________________
>>>cisco-nas mailing list
>>>cisco-nas at puck.nether.net
>>>https://puck.nether.net/mailman/listinfo/cisco-nas
> 
> 


More information about the cisco-nas mailing list