From: Deepesh Chouhan (deepesh@cisco.com)
Date: Sat May 03 2003 - 00:26:46 GMT-3
Hi
1. No - It has to be a numbered ACL
2. Yes - 0 = unlimited
Deepesh
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Vincent
> Sent: Tuesday, April 29, 2003 3:40 AM
> To: ccielab@groupstudy.com
> Subject: IP accounting
>
>
> Hello group,
>
> Can I use "named access-list" together with "ip accounting
> access-violation"?
>
> My diagram is:
>
> HostA -------------------------- Router3
> ------------------------------------
> Router2
> 10.10.1.1 10.10.1.2 192.168.2.1 (s0/1)
> 192.168.2.2 172.16.0.1
>
>
> It seems that the following configuration did not work:
>
> ip access-list extended TEST
> deny icmp any any
> permit ip any any
> !
> int s0/1
> ip accounting access-violation
> ip access-group TEST out
>
>
> However, by changing to numbered access-list, it worked:
>
> access-list 101 deny icmp any any
> access-list 101 permit ip any any
> !
> int s0/1
> ip accounting access-violation
> ip access-group 101 out
>
> Router3#sh ip accounting access-violation
> Source Destination Packets Bytes
> ACL
> 10.10.1.1 172.16.0.1 4 240
> 101
>
>
> Also, according to Cisco's default, "ip accounting-transit"
> should be 0, does
> this mean "unlimited"?
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:36 GMT-3