
Access-list help

Status
Not open for further replies.
Feb 21, 2005
25
SA
Hi

deny ip 63.250.215.0 0.0.0.255 any log-input (73 matches)

What is the meaning of 73 matches?

Please explain.

Thanks
carlos
 
It means that there have been 73 matches against that access-list statement. Every time traffic is either permitted or denied by an access list statement, the "hit" count would go up.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
permit ip 63.250.215.0 0.0.0.255 any log-input (73 matches)

If this command is applied, traffic is permitted, so if I get 73 matches,

that means?

carlos
 
It means the same thing. Traffic has been permitted as a result of that access list 73 times. It's just a hit count, i.e. a match has been made on that access list statement. Traffic from 63.250.215/24 has been permitted by the router as a result of matching that ACL statement.

For example, on my router:

Extended IP access list 106
10 deny tcp any any eq www (415 matches)
20 deny tcp any any eq smtp log (152 matches)
30 deny tcp any any eq 445 log (3155 matches)

So, I've blocked inbound port 80 traffic and I can see that there have been 415 connection attempts on port 80 and 152 smtp attempts which have been blocked as a result of that acl and 3155 port 445 connections which have been blocked.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Thanks for your replies. Can I ask you one more thing?

Suppose I was trying to block an SMTP server accessing my server:

access-list 111 deny ip ..............

So next I should give ip permit any any, right?

But ip permit any any already exists. Should I give it again,

or leave it as it is, just adding the deny statement?
 
If you add a deny statement, it will appear at the bottom of the acl and so will not be matched if there is a permit ip any any above it.

You may be better off just writing a new ACL, applying it to the interface and then removing the old one.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
OK, you mean like
Thanks once again for your reply.
First I will remove the
no ip permit any any
and then

access-list

then

ip permit any any
like this

thanks
 
No, I mean the whole acl not just one line.

no access-list 111

int <int>
no ip access-group 111 in

Then create a new one.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
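
The ordering point made in this thread (a deny added below an existing permit-any is never reached) can be reproduced with a small first-match simulator. This is an added example, not code from any poster; it models source-only matching with Cisco wildcard masks and per-line hit counters, and the traffic list and class names are constructed for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

class Acl:
    """Hypothetical model of a numbered ACL that matches on source only."""
    def __init__(self, entries):
        # Each entry: [action, source, wildcard, hit_count]
        self.entries = [[a, s, w, 0] for a, s, w in entries]

    def append(self, action, source, wildcard):
        # Adding a line to a numbered ACL places it at the bottom.
        self.entries.append([action, source, wildcard, 0])

    def check(self, src):
        for entry in self.entries:
            if matches(src, entry[1], entry[2]):
                entry[3] += 1      # the "(N matches)" counter
                return entry[0]    # first match wins, evaluation stops
        return "deny"              # implicit deny at the end of every ACL

    def hits(self):
        return [e[3] for e in self.entries]

ANY = ("0.0.0.0", "255.255.255.255")
# Constructed traffic: three sources inside 63.250.215.0/24, one outside.
TRAFFIC = ["63.250.215.7", "63.250.215.200", "198.51.100.9", "63.250.215.31"]

def run(acl):
    return [acl.check(src) for src in TRAFFIC]

# Existing ACL already ends in permit-any; the deny is added afterwards.
appended = Acl([("permit", *ANY)])
appended.append("deny", "63.250.215.0", "0.0.0.255")

# Rebuilt ACL: deny first, permit-any last.
rebuilt = Acl([("deny", "63.250.215.0", "0.0.0.255"), ("permit", *ANY)])

if __name__ == "__main__":
    for name, acl in (("appended", appended), ("rebuilt", rebuilt)):
        print(name, run(acl), "hits per line:", acl.hits())
```

A deny line that stays at 0 matches while the permit-any above it keeps counting is the sign that the entry is shadowed.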
 