Access-list on vlan interface Cisco 3750

Hi,
i am working with tree Cisco 3750 for my core Routing/Switching.
I am ablte to route L3 traffic and Vlan traffic. My vlan are definied on the same switch (VTP Domain Server).
I apply some access-list to the vlans interface.
Everything work fine.
When i go to see the acl status with 'show access-list myacl" the 3750 show the acl with some match, but quickly they are reset. Like if i do a "clear counter access-list myacl".

The ios version is Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SEB2

Any idea ??

Thank you,
Mauro
PelittiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjtemplinCommented:
Are you saying the numbers go DOWN, or simply that they're lower than what you'd expect?  I'm not familiar with the 3750 platform yet, but many of the swouters don't have accurate ACL counters because the processing is distributed amongst the port ASICs.
0
PelittiAuthor Commented:
The number are quikly reset, so i can't determine how many match i have.
I can to see the number with show access-list, but they are reset (no match)...

Thank you,
Mauro

0
pjtemplinCommented:
Can you show us three successive "sh access-list" outputs?
0
PelittiAuthor Commented:
Extended IP access list 112
    10 permit udp 10.0.12.0 0.0.0.255 10.0.12.0 0.0.0.255 (6 matches)
    30 permit udp host 10.0.11.111 host 10.0.12.6
    40 permit udp host 10.0.11.18 host 10.0.12.6
    50 permit udp host 10.0.11.35 host 10.0.12.6
    60 permit udp host 10.0.57.1 host 10.0.12.6
    80 permit udp host 10.0.57.1 host 10.0.12.7 eq syslog
    90 permit ip 10.0.14.0 0.0.0.255 any
    100 permit ip 10.0.16.0 0.0.0.255 any (12 matches)
    110 permit ip 10.0.17.0 0.0.0.255 any
    120 permit ip 10.0.19.0 0.0.0.63 any
    130 permit ip 10.0.22.0 0.0.0.63 any
    140 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.2
    150 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.3
    160 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.4
    170 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.5
    180 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.6
    190 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.10
    210 permit tcp any host 10.0.12.2 log
    220 permit tcp any host 10.0.12.4 log
    230 permit tcp any host 10.0.12.6 established log
    240 permit tcp any host 10.0.12.7 established log
    250 permit tcp any host 10.0.12.9 established log
    260 permit tcp host 10.0.12.26 10.0.55.0 0.0.0.255 log
    270 permit icmp 10.0.25.0 0.0.0.255 any
    280 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.2 eq domain
    290 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.4 eq domain
    300 deny ip any any log
Dor01#sh access-lists 112
Extended IP access list 112
    10 permit udp 10.0.12.0 0.0.0.255 10.0.12.0 0.0.0.255 (6 matches)
    30 permit udp host 10.0.11.111 host 10.0.12.6
    40 permit udp host 10.0.11.18 host 10.0.12.6
    50 permit udp host 10.0.11.35 host 10.0.12.6
    60 permit udp host 10.0.57.1 host 10.0.12.6
    80 permit udp host 10.0.57.1 host 10.0.12.7 eq syslog
    90 permit ip 10.0.14.0 0.0.0.255 any
    100 permit ip 10.0.16.0 0.0.0.255 any (16 matches)
    110 permit ip 10.0.17.0 0.0.0.255 any
    120 permit ip 10.0.19.0 0.0.0.63 any
    130 permit ip 10.0.22.0 0.0.0.63 any
    140 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.2
    150 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.3
    160 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.4
    170 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.5
    180 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.6
    190 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.10
    210 permit tcp any host 10.0.12.2 log
    220 permit tcp any host 10.0.12.4 log
    230 permit tcp any host 10.0.12.6 established log
    240 permit tcp any host 10.0.12.7 established log
    250 permit tcp any host 10.0.12.9 established log
    260 permit tcp host 10.0.12.26 10.0.55.0 0.0.0.255 log
    270 permit icmp 10.0.25.0 0.0.0.255 any
    280 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.2 eq domain
    290 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.4 eq domain
    300 deny ip any any log
Dor01#sh access-lists 112
Extended IP access list 112
    10 permit udp 10.0.12.0 0.0.0.255 10.0.12.0 0.0.0.255
    30 permit udp host 10.0.11.111 host 10.0.12.6
    40 permit udp host 10.0.11.18 host 10.0.12.6
    50 permit udp host 10.0.11.35 host 10.0.12.6
    60 permit udp host 10.0.57.1 host 10.0.12.6
    80 permit udp host 10.0.57.1 host 10.0.12.7 eq syslog
    90 permit ip 10.0.14.0 0.0.0.255 any
    100 permit ip 10.0.16.0 0.0.0.255 any
    110 permit ip 10.0.17.0 0.0.0.255 any
    120 permit ip 10.0.19.0 0.0.0.63 any
    130 permit ip 10.0.22.0 0.0.0.63 any
    140 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.2
    150 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.3
    160 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.4
    170 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.5
    180 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.6
    190 permit ip 10.0.18.0 0.0.0.255 host 10.0.12.10
    210 permit tcp any host 10.0.12.2 log
    220 permit tcp any host 10.0.12.4 log
    230 permit tcp any host 10.0.12.6 established log
    240 permit tcp any host 10.0.12.7 established log
    250 permit tcp any host 10.0.12.9 established log
    260 permit tcp host 10.0.12.26 10.0.55.0 0.0.0.255 log
    270 permit icmp 10.0.25.0 0.0.0.255 any
    280 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.2 eq domain
    290 permit udp 10.0.25.0 0.0.0.255 host 10.0.12.4 eq domain
    300 deny ip any any log
0
pjtemplinCommented:
Uh, strange.  Time to call Cisco TAC on that one.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.