
ACL counters not showing


Rich6
New Contributor II
Hi, I have an ACL defined to manage general access between subnets across switches, and as part of that some rules have counters assigned to them. The problem I am having is that when I use the show access-list counter command, not all of my counters are showing and I get a list that looks similar to the below:

# show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
ACCESS_CONTROL * * ingress
Rule1 163
Rule2 0
Rule3 0
not well-formed (invalid data)

If anyone can help, I would like to know why it says "not well-formed (invalid data)".
Also if anyone has experience with defined counters not appearing...

I have compared ACL defined rules and cannot see any obvious syntax differences between rules where the counter works and rules where it does not. I have working counters and non-working counters from rules both pretty much identical to the below:

entry Rule1 {
    if {
        source-address x.x.x.x;
        destination-address y.y.y.y;
    }
    then {
        permit;
        count Rule1-Counter;
    }
}

Any comments appreciated

Thanks

11 REPLIES 11

Jarek
New Contributor II
Do you use any special characters in the counter name
like " & .(dot ) + - _ % ", etc ?

Or the counter name contains only a-z A-Z 0-9 ?

--
Jarek
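
One way to automate the comparison discussed in this thread, as an added example that is not part of any poster's reply or of Extreme's tooling: it parses a policy in the layout shown in the question, lists counters that are defined but absent from `show access-list counter` output, and reports any characters outside a-z A-Z 0-9 in their names. The sample policy, sample output and function names are constructed for illustration; a reported character is a lead to compare against working rules, not a confirmed cause.

```python
import re

# Constructed policy text in the entry/if/then layout shown in the question.
SAMPLE_POLICY = """
entry Rule1 { if { source-address 10.0.1.0/24; } then { permit; count Rule1; } }
entry Rule2 { if { source-address 10.0.2.0/24; } then { permit; count Rule2; } }
entry Rule3 { if { source-address 10.0.3.0/24; } then { deny; count Rule3_Web&Mail; } }
entry Rule4 { if { source-address 10.0.4.0/24; } then { deny; } }
"""

# Constructed CLI output in the layout shown in the question.
SAMPLE_OUTPUT = """
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
ACCESS_CONTROL * * ingress
Rule1 163
Rule2 0
not well-formed (invalid data)
"""

def policy_counters(policy_text):
    """Map each entry name to the counter named in its 'count' action (or None)."""
    result = {}
    # Split at every 'entry <name> {' header; each body runs to the next header.
    parts = re.split(r"\bentry\s+(\S+)\s*\{", policy_text)
    for name, body in zip(parts[1::2], parts[2::2]):
        m = re.search(r"\bcount\s+([^;\s]+)\s*;", body)
        result[name] = m.group(1) if m else None
    return result

def shown_counters(cli_output):
    """Collect names from lines shaped '<name> <packet count> [<byte count>]'."""
    pattern = r"^[ \t]*(\S+)[ \t]+\d+(?:[ \t]+\d+)?[ \t]*$"
    return set(re.findall(pattern, cli_output, re.MULTILINE))

def audit(policy_text, cli_output):
    """Return (entry, counter, odd_chars) for each defined counter not shown."""
    shown = shown_counters(cli_output)
    missing = []
    for entry, counter in policy_counters(policy_text).items():
        if counter and counter not in shown:
            odd = sorted(set(re.sub(r"[A-Za-z0-9]", "", counter)))
            missing.append((entry, counter, odd))
    return missing

if __name__ == "__main__":
    for entry, counter, odd in audit(SAMPLE_POLICY, SAMPLE_OUTPUT):
        print(f"{entry}: counter {counter!r} not shown; non-alphanumeric: {odd}")
```
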

Rich6
New Contributor II
OK all... Thanks for all your replies. It's all good info 🙂

  • I have checked the policy syntax with the check policy xxx command and check policy xxx access-list command all pass OK.
  • I have refreshed the policy each time
  • I have tried show access-list counter as well as specifying ingress|egress and cannot see some defined counters
  • I have looked at the policy characters, name lengths etc... and compared some working rule counters with non workers and cannot really see any "character convention" or line length issues which contravene a working rule...
I am now wondering if I have hit a limit on the number of counters I can define in an ACL? Does anyone know if limitations are in force for this?

  • The "not well formed" statement at the bottom of my displayed counters still bothers me. Does anyone else see this?
  • The counters I can see in the list seem to be random and not as if the first 8 in the ACL work (which would be more logical).
The main L3 devices using this ACL are X670V-48x on 16.1.3.6

Thanks in advance...

Jarek
New Contributor II
Hi Rich,

can you post:
1) what EXOS you use and the switch ?
2) you see that issue only on one device or more ?
3) if you have more devices, they have the same EXOS ?

--
Jarek

Ariyakudi_Srini
Extreme Employee
Hi Rich,

Just to be sure that the entire policy has been written correct, please check if the policy is good with the command below,

#check policy (the extension is not necessary in this command).

If the policy is good, the output should be something similar to below,

# check policy HTTP-RETURN --- (HTTP-RETURN is my sample policy name)
Policy file check successful.

Karthik_Mohando
Extreme Employee
Hi Rich,

If the ACL is applied in the egress direction then you need to check the counter with the command
"show access-list counter egress"

Can you check if this helps!
