Re: ACL Logging UDP Port 0

From: Rob Clav <robclav_at_gmail.com>
Date: Wed, 8 Jun 2011 00:30:45 +0200

Hi Muzammil,
If it was TCP, then it would be traffic from collisions, incomplete or malformed
packets. So I deduce that it could be the same for UDP.
Hth,
Robclav

2011/6/5 Muzammil Malick <malickmuz_at_gmail.com>

> Thanks Joe,
>
> That didn't help. It's really weird. I think I will raise a TAC unless
> anyone else has any useful insights?
>
> thanks
>
> On 2 June 2011 14:08, Joe Astorino <joeastorino1982_at_gmail.com> wrote:
> > Try putting a range of 0-65535 for your source as well just to see what
> > happens. I would be curious. I have seen this before, but the fact that
> > you get some packets that show and others that don't seems a little
> > strange.
> >
> > On Thu, Jun 2, 2011 at 8:13 AM, Muzammil Malick <malickmuz_at_gmail.com> wrote:
> >>
> >> Hi All
> >>
> >> Need some advice/help/pointers?
> >>
> >> I have an access-list as follows:
> >>
> >> access-list 101 permit udp any 10.0.0.0 0.0.0.255 range 0 1023 log
> >> access-list 101 permit udp any 172.16.0.0 0.0.255.255 range 0 1023 log
> >>
> >> The ip ranges are bogus but this illustrates how my ACLs are configured.
> >>
> >> My ACL will log traffic matches like this:
> >>
> >> permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 1 packet
> >> permitted udp 172.16.0.18(0) -> 172.16.0.2(0), 1 packet
> >>
> >> so UDP port 0 is showing up however it also matches traffic for other
> >> ports as well:
> >>
> >> permitted udp 10.0.0.3(6007) -> 10.0.0.4(80), 1 packet
> >> permitted udp 172.16.0.4(8080) -> 172.16.0.5(80), 1 packet
> >>
> >> I am fairly sure (not 100%) that the UDP port 0 traffic is not really
> >> port 0 traffic.
> >> I have googled the subject and people mention that this is how IOS
> >> reports matches if the ACL is not matching ports
> >> but as you can see my ACL is. Also I cannot find this behaviour
> >> mentioned in any Cisco documentation.
> >>
> >> Does anyone have experience with this?
> >>
> >>
> >> Thanks
> >>
> >> Muzammil
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> > --
> > Regards,
> >
> > Joe Astorino
> > CCIE #24347
> > Blog: http://astorinonetworks.com
> >
> > "He not busy being born is busy dying" - Dylan
>

-- 
Robert Clavero
CCIE RS/wr, CCNP, CCSP, CCSE NGX, SCSA 9, WLFES, BNP y JNCIA WX
blog:http://robclavbcn.blogspot.com
 web:http://www.kubsolutions.com
Received on Wed Jun 08 2011 - 00:30:45 ART
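
Added example, not part of the thread or written by any of its participants: one way to tally the port-0 entries in ACL log output of the form quoted in the original post, so the affected source/destination pairs can be compared against a packet capture. The function names and the last two sample lines are constructed for illustration; the first four sample lines are the ones from the post.

```python
import re
from collections import Counter

# Matches the log body quoted in the post, e.g.
#   permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 1 packet
# search() is used so any syslog prefix before "permitted" is tolerated.
LINE_RE = re.compile(
    r"(?P<action>permitted|denied)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\),\s+"
    r"(?P<count>\d+)\s+packets?"
)

def parse_line(line):
    """Return a dict for one ACL log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def port_zero_summary(lines, proto="udp"):
    """Return (zero_flows, total_packets, skipped_lines) for one protocol.

    zero_flows maps (src, dst) to the packet count logged with both
    ports reported as 0; total_packets covers every matched line.
    """
    zero_flows, total, skipped = Counter(), 0, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["proto"] != proto:
            continue
        total += rec["count"]
        if rec["sport"] == 0 and rec["dport"] == 0:
            zero_flows[(rec["src"], rec["dst"])] += rec["count"]
    return zero_flows, total, skipped

SAMPLE = [
    "permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 1 packet",
    "permitted udp 172.16.0.18(0) -> 172.16.0.2(0), 1 packet",
    "permitted udp 10.0.0.3(6007) -> 10.0.0.4(80), 1 packet",
    "permitted udp 172.16.0.4(8080) -> 172.16.0.5(80), 1 packet",
    "permitted udp 10.0.0.1(0) -> 10.0.0.2(0), 3 packets",  # constructed
    "unrelated console message",                            # constructed
]

if __name__ == "__main__":
    flows, total, skipped = port_zero_summary(SAMPLE)
    for (src, dst), n in flows.most_common():
        print(f"{src} -> {dst}: {n} of {total} packets logged with port 0")
```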

This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART