ACL matches not showing

Hi all
My question is about ACL

here is my acl

permit tcp any host 172.16.88.20 eq smtp log
deny   tcp any host 172.16.88.253 eq ftp log
deny   tcp any host 172.16.88.253 eq 22 log
deny   tcp any host 172.16.88.253  eq telnet log
deny   tcp any host 172.16.88.253  eq sunrpc log
deny   tcp any host 172.16.88.253  eq ftp-data log
deny   icmp any host 202.163.80.253 log

Now my question is when I give the command
show access-list

it does not show the matches

permit tcp any host 172.16.88.20 eq smtp log (10 matches)
(as this is our mail server and we are receiving mails successfully)

How can I enable my router so that it shows the matches when I issue the command?

Waiting for early response
iam23m Asked:

NicBrey Commented:
Hi there
You have to enable logging on the router, either to a syslog server or to memory

To log to a memory buffer:
router(config)# logging buffered <level of logging you require>     <----  use the  " ? "  key to see the options

To log to syslog server:
router(config)# logging <ip address of syslog server>

View the memory buffer log:
router#  show log


NicBrey Commented:
I suggest that you log to an external syslog server to save router resources.

Link to syslog daemon for Windows:
http://www.kiwisyslog.com/

But if you are going to log to memory, use the "clear log" command to clean out the log.

MaxQ Commented:
I don't think it's a question about logging messages as much as the hit counters for each line of the access list.  

My first guess would be that "ip route-cache" is turned on, which means that the router will fast-switch all of the packets after the first one in each flow, so only that first packet will show up in the ACL counters.  

If your router isn't extremely busy you can turn off the feature (I wouldn't recommend leaving it this way though) with "no ip route-cache" on the interfaces in question if you need to see the exact numbers of hits on each line in the ACL.

Scotty_cisco Commented:
I think MaxQ is on the right path but I got the impression that he was not showing any matches? Is this correct? If this is the case I would try adding the log statement to the end of the ACL for some testing and check to see if the packets are actually hitting the ACL. If they are, I have seen some situations where different versions of IOS show the packet counts and others do not. For instance, route-maps are that way: in many of the 12.1 versions they are not shown as hitting the ACL; when we upgraded to 12.2 they started showing. Also check the direction of the applied access list. I know it sounds dumb but that has bitten me more than once ....

Thanks
Scott
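
Added example, not part of the original thread: once logging is enabled as described above, the `log` keyword on each ACL entry produces messages that can be tallied per entry, independently of the `show access-list` counters. The sample `show log` lines, the list number 101 and the source addresses below are constructed; the %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGDP layout is the usual IOS one and is assumed here, since it can differ between releases.

```python
import re
from collections import Counter

# Constructed sample of "show log" output (not from the thread). List number
# 101 and the 192.0.2.x / 198.51.100.x sources are placeholders.
SAMPLE_LOG = """\
*Mar  1 00:10:01.123: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(40112) -> 172.16.88.20(25), 1 packet
*Mar  1 00:10:07.456: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(51515) -> 172.16.88.253(23), 1 packet
*Mar  1 00:12:30.000: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:15:01.789: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.10(40112) -> 172.16.88.20(25), 9 packets
*Mar  1 00:15:09.001: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.7 -> 202.163.80.253 (8/0), 3 packets
"""

# TCP/UDP hits: ports appear in parentheses after each address.
TCP_UDP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")
# ICMP hits: a (type/code) pair replaces the ports.
ICMP = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>icmp) (?P<src>[\d.]+) -> (?P<dst>[\d.]+) "
    r"\((?P<itype>\d+)/(?P<icode>\d+)\), (?P<count>\d+) packets?")

def tally_acl_hits(log_text):
    """Return Counter keyed by (acl, action, proto, dst, dport) -> packets."""
    hits = Counter()
    for line in log_text.splitlines():
        m = TCP_UDP.search(line) or ICMP.search(line)
        if not m:
            continue  # unrelated syslog line
        g = m.groupdict()
        key = (g["acl"], g["action"], g["proto"], g["dst"], g.get("dport", "-"))
        # Later messages for the same flow are summaries carrying a packet
        # count, so add the count rather than counting log lines.
        hits[key] += int(g["count"])
    return hits

if __name__ == "__main__":
    for (acl, action, proto, dst, dport), n in sorted(tally_acl_hits(SAMPLE_LOG).items()):
        print(f"list {acl}: {action:9} {proto:4} -> {dst}:{dport}  {n} packets")
```
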