>[overquoting removed]
>domain (63 matches)
> 30 deny udp host 81.222.80.2 eq domain 172.16.1.0 0.0.0.255
> 40 permit tcp any any eq www (7 matches)
>
>
>
>
So that's how things stand ... there's an elephant hiding somewhere ..(((
Session inbound features:
Feature: Session accounting
Method List: BH_ACCNT_LIST
Packets = 140, Bytes = 13220
Feature: Layer 4 Redirect
Rule table is empty
Traffic classes:
Traffic class session ID: 17
ACL Name: ACL_IN_INT, Packets = 15, Bytes = 720
Traffic class session ID: 18
ACL Name: ACL_IN_L4R, Packets = 9, Bytes = 432
Default traffic is dropped
Unmatched Packets (dropped) = 122, Re-classified packets (redirected) = 6
Feature: Portbundle Hostkey
Portbundle IP = 172.16.4.4 Bundle Number = 69
Session outbound features:
Feature: Session accounting
Method List: BH_ACCNT_LIST
Packets = 8, Bytes = 384
Traffic classes:
Traffic class session ID: 17
ACL Name: ACL_OUT_INT, Packets = 8, Bytes = 384
Traffic class session ID: 18
ACL Name: ACL_IN_L4R, Packets = 0, Bytes = 0
Default traffic is dropped
Unmatched Packets (dropped) = 0, Re-classified packets (redirected) = 0
Configuration sources associated with this session:
Service: SERVICE_403_L4R_TC, Active Time = 00:07:55
Service: SERVICE_401_INTERNET, Active Time = 00:07:57
AAA Service ID = 66874268
Service: PBHK_SERVICE, Active Time = 00:07:57
Interface: GigabitEthernet0/1.4000100, Active Time = 00:07:57
As a follow-up ....
And here are two more Cisco gems:
CSCeh35036—Two Traffic Classes with L4 Redirect Do Not Work
Two traffic classes on which prioritization and L4 redirection are applied, and for which the ACLs used to do the traffic classification overlap, cannot be used at the same time by the same subscriber. If there is an attempt to use these features at the same time, return traffic will fail to get translated again when it is translated using the traffic class service that was last applied.
CSCsa86854—Log Function on ACL Breaks Traffic Classification
When logging is enabled on an extended ACL, and the ACL is used to classify packets on an ISG, all traffic matching the ACL is incorrectly dropped. When the log keyword is removed from the extended access-list command, everything works as expected.
The second one is about ACLs not working in this case when logging is enabled.
As for the first one, its meaning hasn't fully sunk in for me, but I suspect there is an important point in it (
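
A check for the CSCsa86854 condition quoted above, as an added example that is not part of the original post: it scans a configuration for named extended ACLs that carry `log` entries and are referenced by an ISG traffic class. The sample configuration is constructed (only the ACL names come from the session output), and the `class-map type traffic` / `match access-group` line forms are assumed, since the thread shows no configuration.

```python
import re

# Constructed sample configuration (not from the thread).
# ACL names reuse those seen in the session output; all entries are made up.
SAMPLE_CONFIG = """\
ip access-list extended ACL_IN_INT
 permit ip 172.16.1.0 0.0.0.255 any
ip access-list extended ACL_OUT_INT
 permit ip any 172.16.1.0 0.0.0.255 log
ip access-list extended ACL_IN_L4R
 permit tcp any any eq www
ip access-list extended ACL_MGMT
 deny ip any any log
class-map type traffic match-any TC_INTERNET
 match access-group input name ACL_IN_INT
 match access-group output name ACL_OUT_INT
class-map type traffic match-any TC_L4R
 match access-group input name ACL_IN_L4R
"""

ACL_HDR = re.compile(r"^ip access-list extended (\S+)")
# Assumed ISG traffic class syntax (not shown on the page).
CLASS_HDR = re.compile(r"^class-map type traffic (?:match-(?:any|all) )?(\S+)")
MATCH_ACL = re.compile(r"^\s+match access-group (?:input|output) (?:name )?(\S+)")
LOG_KW = re.compile(r"\s(log|log-input)(\s|$)")

def find_logged_classifier_acls(config):
    """Return sorted (class_map, acl, entry) tuples where a classifier ACL entry logs."""
    logged = {}    # ACL name -> entries carrying log / log-input
    used_by = []   # (class-map name, ACL name) references
    acl = cmap = None
    for line in config.splitlines():
        if not line.startswith(" "):   # a new top-level block ends the previous one
            acl = cmap = None
            if m := ACL_HDR.match(line):
                acl = m.group(1)
            elif m := CLASS_HDR.match(line):
                cmap = m.group(1)
        elif acl and LOG_KW.search(line) and not line.strip().startswith("remark"):
            logged.setdefault(acl, []).append(line.strip())
        elif cmap and (m := MATCH_ACL.match(line)):
            used_by.append((cmap, m.group(1)))
    return sorted((c, a, e) for c, a in used_by for e in logged.get(a, []))

if __name__ == "__main__":
    for cmap, acl, entry in find_logged_classifier_acls(SAMPLE_CONFIG):
        print(f"{cmap}: ACL {acl} has a logging entry: {entry}")
```

ACL_MGMT also logs but is not reported, because no traffic class references it. Numbered ACLs are not covered.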