ACL counters not showing

Rich6
New Contributor II
Hi, I have an ACL defined to manage general access between subnets across switches, and as part of that some rules have counters assigned to them. The problem I am having is that when I use the show access-list counter command, not all of my counters are showing and I get a list that looks similar to the below:

# show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
ACCESS_CONTROL * * ingress
Rule1 163
Rule2 0
Rule3 0
not well-formed (invalid data)

If anyone can help, I would like to know why it says "not well-formed (invalid data)".
Also, if anyone has experience with defined counters not appearing...

I have compared ACL defined rules and cannot see any obvious syntax differences between rules where the counter works and rules where it does not. I have working counters and non-working counters from rules both pretty much identical to the below:

entry Rule1 {
    if {
        source-address x.x.x.x;
        destination-address y.y.y.y;
    }
    then {
        permit;
        count Rule1-Counter;
    }
}

Any comments appreciated

Thanks

11 REPLIES

Rich6
New Contributor II
To say they are routed by the current device is not entirely accurate, but could be, depending on VRRP master / backup status etc... This ACL does exist on all devices which could possibly handle the L3 traffic defined in the rule... Communication between these x and y is blocked by a catch-all at the bottom of the ACL unless specific IPs are defined as per the above example. The issue is not that the counter is not incrementing, but that it does not appear in the list at all...

Nick_Yakimenko
New Contributor II
Are x-x-x-x and y-y-y-y always on different subnets, both routed via your current device?