[c-nsp] ACL 1000 deny hits per second. Only 10 packets in logfile
Kim Onnel
karim.adel at gmail.com
Wed Mar 9 04:31:04 EST 2005
I know that on some platforms, the ACE matches numbers doesnt report
correctly e.g: 6500/7600
I've had a 7600 giving Little number of matches on my last ace (permit
ip any any) on a very busy interface
that is IIRC, because the ACEs are done in hardware, reported in
software, i'd like to be corrected if i am wrong about this, anyone
On Wed, 9 Mar 2005 10:25:26 +0100 (CET), Roger Wiklund <copse at xy.org> wrote:
> Cisco 3750 EMI 12.2(20)SE3
>
> //Roger
>
> On Wed, 9 Mar 2005, Kim Onnel wrote:
>
> > Which Router and IOS is this
> >
> >
> > On Tue, 8 Mar 2005 17:35:04 +0100 (CET), Roger Wiklund <copse at xy.org> wrote:
> >> Hi,
> >>
> >> Yes I know, but every five minuts there are rate-limit or packets missed
> >> ~10-15
> >>
> >> //Roger
> >>
> >> On Tue, 8 Mar 2005, Amol Sapkal wrote:
> >>
> >>> I am not sure, but the router will log only a few packets per few
> >>> seconds and not all the packets, otherwise the cpu would overload
> >>> logging all the packets.
> >>>
> >>> -Amol
> >>>
> >>>
> >>> On Tue, 8 Mar 2005 09:26:19 -0500, Dave Temkin <dave at ordinaryworld.com> wrote:
> >>>> Do you have anything defined for the "logging rate-limit" command?
> >>>>
> >>>> On Tue, 8 Mar 2005 15:19:30 +0100 (CET), Roger Wiklund wrote
> >>>>> Hi, I have a strange problem.
> >>>>>
> >>>>> In my access-list i get about 1000 deny hits/s. But when I look in
> >>>>> my log I only see about 10 deny packets/minuts. Have I overlooked something?
> >>>>>
> >>>>> access-list xxx permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx any
> >>>>> access-list xxx deny ip any any log-input
> >>>>>
> >>>>> //Roger
> >>>>> _______________________________________________
> >>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>>
> >>>> David Temkin
> >>>>
> >>>> _______________________________________________
> >>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>>>
> >>>
> >>>
> >>> --
> >>> Warm Regds,
> >>>
> >>> Amol Sapkal
> >>>
> >>> --------------------------------------------------------------------
> >>> An eye for an eye makes the whole world blind
> >>> - Mahatma Gandhi
> >>> --------------------------------------------------------------------
> >>>
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
>
More information about the cisco-nsp
mailing list