Try putting a range of 0-65535 for your source as well just to see what
happens. I would be curious. I have seen this before, but the fact that
you get some packets that show and others that don't seems a little strange.
On Thu, Jun 2, 2011 at 8:13 AM, Muzammil Malick <malickmuz_at_gmail.com> wrote:
> Hi All
>
> Need some advice/help/pointers?
>
> I have an access-list as follows:
>
> access-list 101 permit udp any 10.0.0.0 0.0.0.255 range 0 1023 log
> access-list 101 permit udp any 172.16.0.0 0.0.255.255 range 0 1023 log
>
> The ip ranges are bogus but this illustrates how my ACLs are configured.
>
> My ACL will log traffic matches like this:
>
> permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 1 packet
> permitted udp 172.16.0.18(0) -> 172.16.0.2(0), 1 packet
>
> so UDP port 0 is showing up, however it also matches traffic for other
> ports as well:
>
> permitted udp 10.0.0.3(6007) -> 10.0.0.4(80), 1 packet
> permitted udp 172.16.0.4(8080) -> 172.16.0.5(80), 1 packet
>
> I am fairly sure (not 100%) that the UDP port 0 traffic is not really
> port 0 traffic.
> I have googled the subject and people mention that this is how IOS
> reports matches if the ACL is not matching ports
> but as you can see my ACL is. Also I cannot find this behaviour
> mentioned in any Cisco documentation.
>
> Does anyone have experience with this?
>
>
> Thanks
>
> Muzammil
--
Regards,
Joe Astorino
CCIE #24347
Blog: http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan

Received on Thu Jun 02 2011 - 09:08:39 ART
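An added example, not part of the original thread: a small Python check that replays the quoted log lines against the quoted ACEs, using IOS wildcard-mask semantics and the destination port range. It shows that a logged destination port of 0 satisfies `range 0 1023`, so those entries are consistent with the ACEs as written, and it flags lines where both ports are logged as 0. The function names and the regular expressions are assumptions made for this illustration.

```python
import ipaddress
import re

# ACEs and log lines copied from the post (the poster's bogus address ranges).
ACES = [
    "access-list 101 permit udp any 10.0.0.0 0.0.0.255 range 0 1023 log",
    "access-list 101 permit udp any 172.16.0.0 0.0.255.255 range 0 1023 log",
]
LOGS = [
    "permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 1 packet",
    "permitted udp 172.16.0.18(0) -> 172.16.0.2(0), 1 packet",
    "permitted udp 10.0.0.3(6007) -> 10.0.0.4(80), 1 packet",
    "permitted udp 172.16.0.4(8080) -> 172.16.0.5(80), 1 packet",
]

ACE_RE = re.compile(r"permit udp any (\S+) (\S+) range (\d+) (\d+)")
LOG_RE = re.compile(r"permitted udp (\S+)\((\d+)\) -> (\S+)\((\d+)\)")

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Return (network, wildcard, low_port, high_port) as integers."""
    net, wild, lo, hi = ACE_RE.search(line).groups()
    return ip_int(net), ip_int(wild), int(lo), int(hi)

def ace_matches(ace, dst_ip, dst_port):
    """Bits set in the wildcard are ignored; the port must fall in the range."""
    net, wild, lo, hi = ace
    care = ~wild & 0xFFFFFFFF
    return (ip_int(dst_ip) & care) == (net & care) and lo <= dst_port <= hi

def classify(logs=LOGS, aces=ACES):
    """Per log line: (src_port, dst_port, first matching ACE index, both_zero)."""
    parsed = [parse_ace(a) for a in aces]
    rows = []
    for line in logs:
        _src, sport, dst, dport = LOG_RE.search(line).groups()
        sport, dport = int(sport), int(dport)
        hit = next((i for i, a in enumerate(parsed)
                    if ace_matches(a, dst, dport)), None)
        rows.append((sport, dport, hit, sport == 0 and dport == 0))
    return rows

if __name__ == "__main__":
    for row in classify():
        print(row)
```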
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:27 ART